Wayfinder Closed Beta Test (“CBT”) Privacy Notice
Last updated: November 2022
Introduction – What is this notice for?
This privacy notice (this “notice”) is about how we use personal information about you called “personal data” when you’re playing Wayfinder (the “game”) during the Closed Beta Test (“CBT”).
Who are we?
We are Digital Extremes Ltd (“we” or “us” in the rest of this notice). We are located at 250 York Street, Ste 100, London, ON Canada, N6A 6K2 and you can find our contact details at https://www.digitalextremes.com/contact.
We make decisions about how and why we use your personal data when you use the game. The means we’re what’s called a “data controller” of this personal data.
What is personal data and why is it important?
Personal data is any information which identifies you (like your name, nickname, and email address). It is also information which can be pieced together with other information to identify you like your age, gender, or the technical IDs given to your phone/laptop (these IDs are sometimes known as “online identifiers”); and the interactions of you and your character in the game from which it’s possible to work out things about you, such as mission time, item acquisition rates, inventory amounts, avatar characteristics and choices (“gameplay data”).
It’s important to know what we do with your personal data, because you should be able to control what happens to it. By reading and understanding this notice, you will know how we collect, use, share, and protect your personal data, and how you can ask us to use it differently.
How do we collect your personal data?
Sometimes you give us your personal data directly - for example, when you are filling in your account setup form or contacting our customer support teams. The information that you are asked to provide and the reasons why you are asked to provide it will be made clear to you at the point we request it. Providing us with this information is voluntary, but if you choose not to provide it you may not be able to access the service or certain aspects of the service.
Sometimes we also collect information about you automatically when you use the service. Where this information can be linked back to you, it will be personal data. This information includes IP address, geographic location information using IP information, event data related to updates to your account information, microtransactional data, and advertising referral data.
If a data file called a “cookie” is downloaded onto your phone or laptop, that cookie might send your personal data to others (like Google) who pass your personal data onto us. For more information about cookies, the type of information they collect and why they collect it, and how you can consent or refuse to cookies being used, click here.
When are we allowed to use your personal data?
We are only legally allowed to use your personal data where a legal basis allows us to do so. These are the legal bases which could apply:
Legal Basis: “Contract” We need to carry out or sign up to a contract
When does this Legal Basis apply?: When it’s necessary to use your personal data to perform a contract with you, or because you have asked us to do something before signing a contract with you that requires the processing of your personal data. In these cases, if you don’t provide your personal data, then we won’t be able to perform the contract or do what you have asked us to do before signing the contract.
Legal Basis: “Legitimate Interest” It’s in our or someone else’s “ legitimate interests ”
When does this Legal Basis apply?: “Legitimate interests” is a legal phrase. It usually means a commercial or business interest that is important to us or another company, and which we’ve balanced against your right to privacy. We will always let you know what the interest is, and you can object to us using your personal data for these reasons on our online support portal.
Legal Basis: “Consent” You have given us your consent
When does this Legal Basis apply?: Sometimes we will ask for your (or we might need to ask for your parent’s) consent to use your personal data. This consent will always be clear and separated out from other information. You can always withdraw your consent via email at privacy@digitalextremes.com .
Legal Basis: “Legal obligation” We need to do something a legal obligation tells us to
When does this Legal Basis apply?: When it’s necessary to use your personal data so that we can perform our legal and regulatory obligations – so that we don’t break the law.
What personal data about you do we use, and why?
This table lists the types of personal data we use about you, and our reason for this:
Information you provide to us (either directly or through a third party):
The types of your personal data we use: Account setup information: Account ID, email, age, password, hardware ID, IP address.
Why we use this personal data: We use this information to create your account in order to provide access to the service in accordance with your request and in order to ensure that you are old enough to play.
Legal basis: Contract
The types of your personal data we use: Game development and optimisation : Entity / avatar data, gameplay related data (ie. account state, aggregate account data, play time, item acquisition rates, inventory amounts, ability usage, account ID of friends).
Why we use this personal data: We use this information in connection with development feedback and optimisations, including to provide functionality, gameplay and content improvements to the game
Legal basis: Legitimate interest - our interest in improving your and others’ future experiences with the game
The types of your personal data we use: Opt-in marketing and surveys : email, platform, transaction data.
Why we use this personal data: We use this information when you voluntarily provide it for the purposes of providing you with update and promotional emails.
Legal basis: Consent
The types of your personal data we use: Customer support : Any information voluntarily provided to customer support including email, login data, gameplay data and transaction data.
Why we use this personal data: We use this information to help provide support to you in relation to the issue you’ve contact us about.
Legal basis: Legitimate interest – our interest in answering your questions about our service in order to improve your experience and improve our relationship with you
The types of your personal data we use: Security : IP address, IP lookup information, account ID.
Why we use this personal data: We use this information to help provide security and network protection mechanisms.
Legal basis: Contract
The types of your personal data we use: Data subject request information : email address, transaction history, login history, proof of user's identity.
Why we use this personal data: If a data subject request is submitted, we use this information to confirm the requestor’s identity, your rights and to process the request.
Legal basis: Legal obligation - our obligations under data protection laws
The types of your personal data we use: Sending legal reports/responding to court orders : purchase and activity data, online identifiers, information requested by law enforcement.
Why we use this personal data: We may be required by law to disclose this information to law enforcement bodies.
Legal basis: Legal obligation – our obligations under intelligence and security laws
The types of your personal data we use: Friends list : list of friends that a player has added in game (Digital Extremes cannot see players on your friend list on the platform that you play the game).
Why we use this personal data: To allow players to easily communicate with each other and play with each other again.
Legal basis: Contract
The types of your personal data we use: Ad campaign information : Personal and online identifiers (such as first and last name, email address, or unique online identifiers) Geolocation information Inferences drawn from the above information about your predicted characteristics and preferences
Why we use this personal data: To allow us to determine the success of our advertising campaigns.
Legal basis: Consent
Information collected automatically or generated as part of our service to you:
What we are doing and why: Transaction records : payments through payment processors or respective distribution platforms, cost, product purchased, IP address, details of transactions linked to payment method, currency paid, vendor, item purchased, price paid, discount applied, shipping information.
The types of your personal data we use: We use this information to facilitate your payment and maintain a record of your transaction history.
Legal Basis: Contract
What we are doing and why: Generated account ID
The types of your personal data we use: We generate this and use this to store your service gameplay data (including level and progress) with your profile, and it allows you to connect to the service server.
Legal Basis: Contract
What we are doing and why: Gameplay Data : Various gameplay related data (i.e. account state, ping, mission time, item acquisition rates, inventory amounts, ability usage, account ID of friends)
The types of your personal data we use: We use this information to improve the game and provide you with feedback and information about your gameplay and progress.
Legal Basis: Legitimate interest – our interest in improving your and others’ future experiences with the game
What we are doing and why: IP address
The types of your personal data we use: We use this information to: Allow you to connect to the service server Optimize your matchmaking experience Determine your country of origin Security and anti-cheat functions
Legal Basis: Contract
What we are doing and why: Community monitoring activities : information in reports about suspected bad behaviour (e.g. cheating, harassment, language, etc)
The types of your personal data we use: We use this information to investigate instances of bad behaviour and to take relevant action in response. If your account is determined to breach our Terms of service, we may consider restricting or banning your access to the service.
Legal Basis: Legitimate interest – our interest in ensuring the security of our services, maintaining a fair gaming environment
What we are doing and why: Crash reporting log files and bug/crash reports providing information on an error that has occurred. In addition some diagnostic information may be obtained from your device where you choose to provide this information
The types of your personal data we use: We use this information to provide bug support and improve the stability of Wayfinder. We may so reach out to you to help fix the bug or crash.
Legal Basis: Consent – we rely on consent to obtain diagnostic information about your device and to contact you by email to help fix any related issues. Legitimate interests – our interest in improving the stability of the game and preventing bugs/crashes from happening.
What we are doing and why: Anti-cheat related information : basic hardware information, uniquely generated hardware ID, IP address, running process list (PC only), operating system information, user account information, processes, memory, and driver which is related to the game running, user behaviour and status that may be related to cheating software.
The types of your personal data we use: We use this information: to detect and observe cheating behaviours and consider restricting or banning access to the service to combat users registering for multiple accounts If your account is determined to breach our Terms of service, we may consider restricting or banning your access to the service.
Legal Basis: Legitimate interest – our interest in ensuring the security of our services and maintaining a fair gaming environment.
What we are doing and why: Data to provide you with chat access : text communicated to other players in-game (message history) both via player to player and group text chat, including account ID.
The types of your personal data we use: If you engage with chat services then we will process such data in order to deliver your messages to other users.
Legal Basis: Contract
What we are doing and why: Chat monitoring and logging: text communicated to other players in-game (message history) both via player to player and group text chat, including account ID.
The types of your personal data we use: We monitor and take logs and chats to ensure they are in keeping with our community standards. We will only review hashed communications when we are detecting abuse and spam.
Legal Basis: Legitimate interest – our interest in providing you with customer support and security by ensuring the messages you leave don’t breach our community standards
What we are doing and why: Financial reporting : Purchasing data, activity data, and IP lookup (country) data
The types of your personal data we use: We use this information to complete our financial reporting and disclosure obligations to parent company, tax agencies and regulators.
Legal Basis: Legal obligation – our obligations under tax and corporate law
Who do we share your personal data with?
Sometimes we share your personal data with other companies and organisations.
The types of companies and organisations we share your personal data with are as follows:
Does your personal data ever go to other countries?
Yes, sometimes your personal data goes to other countries as part of using your personal data in the ways we listed above. These countries will include Canada and the US and may include other countries like the Philippines.
If you are in the UK, the EU, or Switzerland and your personal data goes outside of the UK, the EEA or Switzerland, the law requires us to take extra steps to make sure your personal data is protected in the place it is going to.
We do the following things to make sure we are not breaking these laws:
We might take similar steps where you are in another country with similar legal requirements, as well.
If you want proof of or more information about any of these things, you can contact us here.
How long do we keep your personal data for?
We only keep your personal data for as long as is necessary. This will generally only be for one year after completion of the CBT test, or where the personal data relates to your Digital Extremes account, for one year following the eventual deletion of your account.
We might need to keep your personal data for longer if a law requires us to (for example, laws about record-keeping and tax). Normally this is about six to ten years. It we are keeping your personal data for longer in this way, we will make sure it is secure and you can still change what we do with it (see below).
Will we use automated decision-making?
We work with a third party anti-cheat software provider to detect cheating. We may process your personal data using automated decision-making methods in order to identify users who are cheating by observing and detecting cheating behaviours and users registering for multiple accounts.
If your account is determined to breach our Terms of Service, we may consider restricting or banning your access to the Game. Please see our Terms of Service for the Game here. If this happens, you will be informed of the outcome of the decision and you will have the right to obtain human intervention to express your point of view and context the decision by contacting us at privacy@digitalextremes.com.
What control do you have over your personal data, and how can you make us change what we do with it?
Because your personal data is about you, you should be able to control what happens to it.
We provide different ways you can do this. The easiest way is to write us an email (privacy@digitalextremes.com) requesting one or more of the following:
You can also submit requests to exercise these rights by contacting us at privacy@digitalextremes.com.
Unfortunately we’re sometimes not able to do the things you tell us to, for example because of the particular legal basis we have been relying on to process your personal data, or because it would interfere with another person’s own privacy rights. If this happens, we’ll explain to you why we aren’t able to do what you tell us to with that piece of personal data.
We may also be required to keep certain personal data to satisfy legal requirements or for security purposes, or if there are valid grounds under data protection laws for us to do so (for example, for the defence of legal claims or freedom of expression) but we will let you know if that is the case.
Children
None of our services or content on our websites are designed or intended for children under 16 years of age. Our content is in compliance with the Children's Online Privacy Protection Act (COPPA) and will never be directed at children under 16 years of age. If you are under the restricted age for data protection purposes in your jurisdiction, you are not permitted to access the websites or games unless your parent or guardian has provided express consent. Please see our Terms of service and End-User License Agreement for additional information.
We do not knowingly collect personal information from children under these ages for any purpose. If you believe that we have personal information of a child under these ages without parental/guardian consent, or if you are the parent or guardian of the user and wish to withdraw consent, please contact us at privacy@digitalextremes.com.
Updates to this policy
We may make updates to this policy from time to time (for example because our services have changed or because of changes in laws). We will appropriately notify you of this. The date this notice was last updated can be found at the top.
Other locations
If you live in any of the following locations, you can read more about the additional privacy terms which apply to you here:
How can you ask questions or make a complaint about your privacy?
If you have any questions about what we have said in this notice or how your personal data is used, you can contact us about it.
Our contact details are:
E-Mail: privacy@digitalextremes.com
Address: 250 York Street, Ste 100, London, ON Canada, N6A 6K2
If you are located in the EEA or the United Kingdom and have questions about your personal data or would like to request to access, update, or delete it, you may contact our representative at:
Jurisdiction: EU
Name: Bird & Bird GDPR Representative Ireland
Address: Deloitte House, 29 Earlsfort Terrace, Dublin 2, D02 AY28
Contact details: EUrepresentative.DigitalExtremes@twobirds.com Key contact: Vincent Rezzouk-Hammachi
Jurisdiction: UK
Name: Bird & Bird GDPR Representative Services UK
Address: 12 New Fetter Lane, London, EC4A 1JP, United Kingdom
Contact details: UKrepresentative.DigitalExtremes@twobirds.com Key contact: Vincent Rezzouk-Hammachi
You can also contact the official organisation which regulates personal data in your country (the “regulator”) to lodge a complaint, if you think we are not using your personal data correctly. Please see the Annex to this notice which lists the contact details of the different regulators.
Thank you!
We hope you have a great time playing Wayfinder!
--
If you live in California:
California Privacy Rights This section contains disclosures required by the California Consumer Privacy Act (“CCPA”) and applies only to “personal information” that is subject to the CCPA.
Personal Information we Collect. In the preceding 12 months, we collected the following categories of personal information about California consumers. We do not sell personal information.
Categories of Personal Information: Personal and online identifiers (such as first and last name, email address, or unique online identifiers)
Disclosed for business purposes to the following categories of third parties:: All categories listed below.
Sold to following categories of third parties:: All categories listed below.
Categories of Personal Information: Internet or other electronic network activity information (such as browsing history, search history, interactions with a website, email, application, or advertisement)
Disclosed for business purposes to the following categories of third parties:: All categories listed below.
Sold to following categories of third parties:: All categories listed below.
Categories of Personal Information: Geolocation information
Disclosed for business purposes to the following categories of third parties:: All categories listed below.
Sold to following categories of third parties:: All categories listed below.
Categories of Personal Information: Inferences drawn from the above information about your predicted characteristics and preferences
Disclosed for business purposes to the following categories of third parties:: All categories listed below.
Sold to following categories of third parties:: All categories listed below.
Categories of Personal Information: Other information about you that is linked to the personal information above
Disclosed for business purposes to the following categories of third parties:: All categories listed below.
Sold to following categories of third parties:: All categories listed below.
Categories of Sources. We collect personal information from the following categories of sources:
Why We Collect, Use, and Share California Information. We use and disclose the personal information we collect for our commercial and business purposes, as further described in this Privacy Policy. These commercial and business purposes include, without limitation:
Recipients of California Personal Information. We disclose the categories of personal information designated above to the categories of third parties listed below for business purposes:
Your Rights Regarding Personal Information. California residents have certain rights with respect to the personal information collected by businesses. If you are a California resident, you may exercise the following rights regarding your personal information, subject to certain exceptions and limitations:
To exercise any of the above rights, please contact us and submit the required verifying information, by emailing us at privacy@digitalextremes.com.
Verification Process and Required Information. Note that we may need to request additional information from you to verify your identity or understand the scope of your request, although you will not be required to create an account with us to submit a request or have it fulfilled. We will require you to log-in to your account first to verify your identification. If this is not possible, we may ask you to provide additional information, including email address, details about your account and activities in Wayfinder, or other such information as may be needed.
Minors’ Right to Opt In. We do not have actual knowledge that we sell the personal information of minors under 16 years of age.
Annex – list of regulators you can contact
You can contact the regulator on this list which is in the country you are located in: