Effective October 14, 2020
TYPES OF INFORMATION WE COLLECT
Information You Provide
We and our Service Providers (defined below) collect information you provide directly via the Services. For example, we collect information when you play our games, receive customer or technical support, purchase a product, enter a raffle or sweepstakes, apply for a job, or otherwise communicate or transact with us through the Services.
The information we collect includes “personal information" which is information that can be used to identify you personally (whether alone or in combination), such as your first and last name, email address, and postal address.
You may choose to voluntarily submit certain other information to us through the Services, but you are solely responsible for your own information in instances where we have not requested that you submit such information to us.
Information We Collect Automatically
In addition to any information that you choose to submit to us via the Services, we and our Service Providers may use a variety of technologies that automatically store or collect certain information whenever you visit or interact with the Services. This information includes IP address, device identifier, browser type, operating system, domain names, access times, and other information about your use of the Services. This information may be stored or accessed using a variety of technologies that may be downloaded to your personal computer, browser, laptop, tablet, mobile phone or other device whenever you visit or interact with the Services.
The types of tracking technologies used to collect this information include:
Log files are files that record events that occur in connection with your use of the Services.
Cookies are small bits of electronic information that a website sends to a visitor’s browser and are stored on the visitor’s device. Like many websites, we employ cookies in certain areas of the Services to allow us to provide information to make your online experience more convenient and to enhance your experience with the Services. For example, cookies provide information so that the Services will remember who you are on subsequent visits, speeding up or enhancing your experience of the Services by, for instance, tailoring content to you. A user may configure their web browsers to accept or reject or delete the cookies, or notify the user when a cookie is being set, as further discussed in "Your Rights and Choices" below.
We employ web beacons or clear gifs, that help us better manage content on our Services by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of users. In contrast to cookies, which are stored on a user’s device, clear gifs are embedded invisibly on web pages and are about the size of the period at the end of this sentence. In short, clear gifs enable two websites to share information with one another.
A tracking "pixel" is a transparent graphic image (usually 1 pixel x 1 pixel) that is placed on a web page and allows for the collection of information regarding the use of the web page that contains the tracking pixel.
With your consent, GPS (global positioning systems) software, geo-filtering, and other location-aware technologies may locate your precise location for purposes such as verifying your location and delivering or restricting relevant content based on your location.
In-App Tracking Methods
There are a variety of tracking technologies that may be included in mobile apps and games, and these are not browser-based like cookies and cannot be controlled by browser settings. Some use device identifier, or other identifiers such as "Ad IDs" to associate app user activity to a particular app/game and to track user activity across apps/games.
Some information about your use of the Services and certain Third Party Services may be collected using tracking technologies across time and services and used by us and third parties for purposes such as to associate different devices you use, and deliver relevant content to you on the Services and certain Third Party Services.
For further information on tracking technologies and your choices regarding them, please see "Analytics and Tracking Technologies" and "Your Rights and Choices" below.
Information from Other Sources
HOW WE USE YOUR INFORMATION
Use of Information for Recruitment Purposes: Where you have provided us with information as part of an online application for employment or internship, we may use that information in order to allow us to make an informed decision about whether to proceed with your application. We may, as part of this recruitment process, collect information about your education, employment history and similar matters. Where this information is considered to be sensitive, you expressly consent to our processing of this information for recruitment purposes by submitting it to us.
HOW WE SHARE YOUR PERSONAL INFORMATION
Service Providers. We share your information with our agents, vendors, consultants, and other service providers that we engage to act on our behalf ("Service Providers") for the purpose of processing information on our and your behalf, fulfilling product orders, operating or hosting the Services, or providing services related to the online components of our games. For example, we may engage Service Providers to process analyze, and/or store data, including, but not limited to, analytical data. These Service Providers are prohibited from using your information other than to provide this assistance (although we may permit them to use information that does not identify you for other purposes) and are required to maintain appropriate confidentiality and security measures.
Asset transfers. If we become involved in a merger, acquisition, bankruptcy or other transaction involving the sale of some or all of TRS’s assets or a line of business, your information could be included in the discussions and transferred assets.
Internal Business Purposes. We may share your information with our affiliates for internal business purposes.
Direct Marketing Purposes. We may share your information with our affiliates, business partners, and other third parties for their own business purposes, including direct marketing purposes (for further information regarding your rights, see "Your California Privacy Rights" and "Your European Privacy Rights" below).
Without limiting the foregoing, in our sole discretion, we may share aggregated information which does not identify you or de-identified information about you with third parties or affiliates for any purpose.
SWEEPSTAKES, CONTESTS, PROMOTIONS
We may offer sweepstakes, contests, surveys, and other promotions (each, a "Promotion") jointly sponsored or offered by third parties that may require submitting personal information. If you voluntarily choose to enter a Promotion, your information may be disclosed to third parties for administrative purposes and as required by law (e.g., on a winners list). By entering, you agree to the official rules that govern that Promotion, and may, except where prohibited by applicable law, allow the sponsor and/or other parties to use your name, voice and/or likeness in advertising or marketing materials.
Please note that TRS does not control who will have access to the information that you choose to make public, and cannot ensure that parties who have access to such publicly available information will respect your privacy or keep it secure. We are not responsible for the privacy or security of any information that you make publicly available on the Services or what others do with information you share with them on the Services.
ADDITIONAL INFORMATION YOU SHOULD KNOW ABOUT THIRD PARTIES
SOCIAL MEDIA FEATURES
ANALYTICS AND TRACKING TECHNOLOGIES
For further information on tracking technologies and your choices regarding them, please see "Information We Collect Automatically" above and "Your Rights and Choices" below.
YOUR RIGHTS AND CHOICES
Tracking Technologies Generally
Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. Browsers offer different functionalities and options so you may need to set them separately. With respect to our apps, you can stop all collection of information via the app by uninstalling the app. Also, you may be able to exercise specific privacy choices, such as enabling or disabling certain location-based services, by adjusting the permissions in your mobile device.
Please be aware that if you disable or remove these technologies some parts of the Services may not work and that when you revisit the Services your ability to limit browser-based tracking technologies is subject to your browser settings and limitations.
Your browser settings may allow you to automatically transmit a "Do Not Track" signal to online services you visit. Note, however, there is no industry consensus as to what website and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take any action with respect to these "Do Not Track" signals or other mechanisms. For more information on "Do Not Track," visit http://www.allaboutdnt.com.
Analytics and Tracking Technologies
You may opt-out of receiving marketing emails from us and our Service Providers at any time: (i) as provided in any email to click on the unsubscribe link; (ii) by sending an email to: [email protected]; or (iii) by sending a letter to : Turtle Rock Studios, Inc., 25422 Trabuco Road #105-491, Lake Forest, CA 92630; Attn: Legal Department. We will try to make the requested changes in our active databases as soon as reasonably practical. Please note that you cannot unsubscribe from non-promotional emails from us, including messages relating to your account transactions, servicing, or TRS’s ongoing business relations.
We may send you push notifications until you remove our games or mobile applications or opt-out by adjusting the permissions on your mobile device.
Your California Privacy Rights
California residents have additional rights as set out in the "Additional Disclosures for California Residents" section below.
Your Nevada Privacy Rights
Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. We do not engage in the sale of your personal information. However, if you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at [email protected].
Your European Privacy Rights
Data subjects in Europe have additional rights as set out in the "Additional Disclosures for Data Subjects in Europe" section below.
We are a general audience service and we do not knowingly collect any personal information from children under the age of 13 as defined by the U.S. Children’s Privacy Protection Act ("COPPA") in a manner that is not permitted by COPPA. If you are a child under 13 years of age, you are not permitted to use the Services and should not send any information about yourself to us through the Services. We take children’s privacy seriously and encourage parents to play an active role in their children’s online experience at all times. We urge parents to instruct their children never to give out their real names, addresses, or phone numbers, without parental permission, when on-line. If you have any concerns about your child’s personal information, please contact us at [email protected].
WHAT SECURITY MEASURES DO WE TAKE TO SAFEGUARD YOUR PERSONAL INFORMATION?
The information that you provide to us is stored on servers that are located in secured facilities and protected by protocols and procedures designed to ensure the security of such information. However, no server, computer or communications network or system, or data transmission over the Internet can be guaranteed to be 100% secure. As a result, while we strive to protect user information, we cannot ensure or warrant the security of any information you transmit to us or through the Services and you acknowledge and agree that you provide such information and engage in such transmissions at your own risk.
NOTIFICATION OF CHANGES
QUESTIONS? CONTACT US
ADDITIONAL DISCLOSURES FOR CALIFORNIA RESIDENTS
These additional disclosures apply only to California residents. The California Consumer Privacy Act of 2018 (“CCPA”) provides additional rights to know and delete and requires businesses collecting or disclosing personal information to provide notices and means to exercise your rights.
Notice of Collection
In the past 12 months, we have collected the following categories of personal information, as described in the CCPA:
For further details on information we collect, including the sources from which we receive information, review the “Types of Information We Collect” section above. We collect and use these categories of personal information for the business purposes described in the “How We Use Your Information” section above.
We do not sell information as the term “sell” is traditionally understood.
Right to Know and Delete
You have the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:
In addition, you have the right to delete the personal information we have collected from you.
To exercise your right to know, please send an email to: [email protected]. In the request, please specify whether you are seeking the categories of information we collect or the specific pieces of personal information. To delete your account, please send an email to: [email protected]. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
We acknowledge that you may have rights under the CCPA in connection with the personal information we process on behalf of our publishing partners. If personal information about you has been processed by us as a service provider on behalf of a publishing partner and you wish to exercise any rights you have with such personal information, please inquire with the publishing partner directly. If you wish to make your request directly to us, please provide the name of the publishing partner on whose behalf we processed your personal information. We will refer your request to that publishing partner, and will support them to the extent required by applicable law in responding to your request.
You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent’s permission to do so and verify your identity directly.
Right to Non-Discrimination
You have the right not to receive discriminatory treatment by us because of your choice to exercise any your rights.
Shine the Light
Customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in “Questions? Contact Us” above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.
ADDITIONAL DISCLOSURES FOR DATA SUBJECTS IN EUROPE
Data protection laws in Europe distinguish between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”). We act as a controller with respect to personal data collected as you interact with our websites, emails, and advertisements. In some instances, we acts a processor on behalf of a publishing partner, which is the controller. Any questions that you have relating to the processing of personal data by us as a processor should be directed to the relevant publishing partner.
Lawful Basis for Processing
Data protection laws in Europe require a “lawful basis” for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers or partners; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests. Where applicable, we will transfer your personal data to third countries subject to appropriate or suitable safeguards, such as standard contractual clauses and Privacy Shield discussed below.
Your Data Subjects Rights
You have the right to access, rectify, or erase any personal data we have collected about you. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.
To exercise any of these rights, please contact us as set out in the “Questions? Contact Us” section above and specify which right you are seeking to exercise. We will respond to your request within 30 days. We may require specific information from you to help us confirm your identity and process your request. If personal data about you has been processed by us as a processor on behalf of a publishing partner and you wish to exercise any rights you have with such personal data, please inquire with our publishing partner directly. If you wish to make your request directly to us, please provide the name of our publishing partner on whose behalf we processed your personal data. We will refer your request to that publishing partner, and will support them to the extent required by applicable law in responding to your request.
Please note that we retain information as necessary to fulfil the purposes for which it was collected, and may continue to retain and use information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
If you have any issues with our compliance, please contact us. You also have the right to lodge a complaint with the data protection regulator in your jurisdiction.
TRS complies with the EU-US Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the United Kingdom, the European Union, and Switzerland to the United States. TRS has certified that it adheres to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement and liability. In response to the invalidation of Privacy Shield, we will continue to provide appropriate safeguards, including through standard contractual clauses.
In accordance with our obligations under Privacy Shield, and subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, we hereby affirm our commitment to subject to the Privacy Shield Principles all personal data transferred from the United Kingdom, the European Union and Switzerland in reliance on Privacy Shield. This means that, in addition to our other obligations under the Privacy Shield Principles, we shall be liable to you for any third party agent to which we transfer your personal data in reliance on Privacy Shield and that processes such personal data in a manner that violates the Privacy Shield Principles, unless we can demonstrate that we are not responsible for the resulting damages.
In the event that you have any inquiry, dispute, or claim arising out of or relating to our compliance with Privacy Shield, please send an email to [email protected] or write to Turtle Rock Studios, Inc., 25422 Trabuco Road #105-491, Lake Forest, CA 92630; Attn: Legal Department. If we are unable to resolve your complaint directly, you may submit your complaint at no cost to you to JAMS at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim. In the event there are residual complaints that have not been resolved by JAMS, or any other means, you may seek a non-monetary remedy through binding arbitration to be provided to you in accordance with the Privacy Shield Principles.
To learn more about the Privacy Shield Framework, and to view TRS’s certification, please visit https://www.privacyshield.gov/.