1. WHAT PERSONAL INFORMATION WE COLLECT, HOW WE USE IT & OUR LEGAL BASES FOR PROCESSING IT

When you access, connect to, sign up to, participate in, create an account for, make purchases within or otherwise use our Services, we may collect personal data from you. The personal data we collect will depend on the circumstances and the Services you are using. The personal data that we may collect about you and the purposes for which such personal data will be used, as well as the legal basis for such processing are explained in this section.

1. Visiting our Site. When visit Site, our system will automatically collect data and information from the computer system of the terminal device accessing the Site. In this connection the following data will be collected for a limited time period:

   1. visited website;
   2. quantity of data transmitted;
   3. information about the type and version of the browser used;
   4. the operating system of the user;
   5. the IP address of the user;
   6. the date and time of access; and
   7. the websites from which the system of the user arrived on our Site.

   Such data will be stored in log files of our system. Such data are needed only to analyze any malfunctions and will be deleted in approximately 30 days. The legal basis for temporarily storing data in log files is Article 6(1)(f) of the General Data Protection Regulation (“GDPR”). Temporary storage of the IP address for the system is necessary for making the Site available to the terminal device of the user. For this purpose, the IP address of the user must be stored for the duration of the session. Data are stored in log files to ensure the functionality of our Site. In addition, such data are used to optimize the Site and to ensure the security of our IT systems. Data will not be analyzed for marketing purposes in this connection, and we will draw no inferences as to your identity. The aforementioned purposes also provide the basis of our legitimate interest in data processing within the meaning of Article 6(1)(f) of GDPR. Collecting data to make available the Site and storing data in log files is necessary for operating the Site. Consequently, users have no right to object to the collection or use of such data for the aforementioned purposes.

2. Communication via E-mail and Phone. If you communicate with us via email or telephone, we process all personal data you disclose to us during our conversation (e.g., you name, email address, telephone number, the reason why you are contacting us etc.). If you ask for help from our customer support team, we will collect and store the contact information you give them (generally, your name and e-mail address) as well as information about your game play or activity on our Services, and your Kongregate username and/or social network ID number. Recipients of the processed personal data are our respective internal employees that are responsible for pursuing our purposes for the processing (e.g., someone from a department that you are contacting with a request).

   Depending on the specific conversation with you, the personal data can either be processed in order to take steps at your request prior to entering into a contract with us or to perform a contract you have concluded with us. In these cases, the legal basis for processing the personal data is Article 6(1)(b) of GDPR.Also, the processing can be necessary for us to comply with legal documentation obligations. Then, the legal basis for processing the data is Article 6(1)(c) of GDPR. The processing can also be necessary for the purposes of our legitimate interest to respond to mails and calls of yours when you contact us and are not our contractual partner as well as to have proof regarding substantial content of our conversation, including but not limited to cases of potential legal claims on our or your side. We may also store the communications you have with the Customer Support team in order to provide you support and improve the Services. The legal basis for processing the data in those cases is Article 6(1)(f) of GDPR.

   The data is stored at least for the time until our contract with you is fully performed. If the data has been stored in order to take steps at your request prior to entering into a contract with us, we will store the data for as long as reasons objectively exist to believe that the respective conversation will be continued within the foreseeable future. Storage may also take place if this has been provided for by legal regulations such as directives, laws or other regulations to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires.

3. Account Information. When you register for an account (“Account”), we process the following required data of yours: username, email address and whether or not you are a Child. Recipients of the processed personal data are our respective employees that are responsible for processing the data. We process the required data to enter into and perform a contract with you (Account contract) so you can use our Services. The legal basis for processing the data to enter into or perform a contract we concluded with you is Article 6(1)(b) of GDPR. Your Account data is stored for as long as you maintain your Account, which can be closed anytime at your request. To protect your privacy, your Account will be automatically closed and any such associated data automatically deleted after three (3) or four (4) years of inactivity, as further explained in Section 3.

   Information You Provide via Apps. You may have the option to link your mobile account to your Sites account in connection with certain Apps. This will allow you to participate in content that crosses between the Sites and Apps, such as Kongregate level, points, and badges. If you choose this linking option, the information we receive via the Sites may also apply to Apps, and vice versa.

4. Purchases. When you place an order with us through our Platform we will request certain information from you, including, your name, email address, payment card details, billing address and phone number. We use a third party payment processor for this service. This information will be used to process your order, arrange delivery of your order and correspond with you in relation to your order. Recipients of the processed personal data are our respective employees that are responsible for fulfilling our Services. Our legal basis for using your personal data in this way is to perform the contract we enter into with you and to execute the customer service in respect of your order (Article 6(1)(b) of GDPR).

   The data is stored at least for the time until our contract with you is fully performed. If the data has been stored in order to take steps at your request prior to entering into a contract with us, we will store the data for as long as reasons objectively exist to believe that the respective conversation will be continued within the foreseeable future. Storage may also take place if this has been provided for by legal regulations such as directives, laws or other regulations to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires.

5. Online Presence in Social Media. We maintain an online presence on social networks and platforms to communicate with clients, interested parties, and users who are active on those networks, and to be able to inform clients, interested parties, and users of our Services.

   Our Site therefore links to the website of Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, U.S.A., or, if you reside in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, (“Facebook”). Otherwise, no data are exchanged with Facebook on our Site. For further information how Facebook processes personal data: https://www.facebook.com/about/privacy/update.

   Our Site also links to the website of Twitter, operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, U.S.A. or, if you reside in the EU, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. For further information how twitter processes personal data: https://twitter.com/privacy.

   When you access the aforementioned networks or platforms, the terms and conditions and data processing policies of the companies that operate those networks or platforms will apply. Unless otherwise provided in our data privacy policy, we will process data of users if they communicate with us through social networks or platforms, e.g., if they post on our Facebook pages, or send us messages.

6. User-Generated Social Content. As of January 2022, Kongregate no longer hosts forums or chat rooms. However, if you had posted in a forum prior to January 2022, then your previous posts are still publically visible. If you had participated in a chat room prior to January 2022, all such chats have been deleted. Any member with an Account may still post game comments, (which are publically visible), profile shouts and/or direct messages. When you do this, we process your username, date of your post and content of your post. The personal information that you post voluntarily through the Platform may be visible to others.

   We process the data to perform a contract with you so you can use our Service. Should you violate our terms of use (e.g., post offensive content) we will save such posts to prove the violation. We have a legitimate interest of making sure that the rules for participating in our forum are followed and toxic behavior of users can be properly sanctioned to ensure a friendly and respectful space for everyone. The legal basis for processing the data to enter into or perform a contract we concluded with you is Article 6(1)(a) of GDPR. The legal basis for processing data based on our legitimate interest is Article 6(1)(f) of GDPR.

   The data is stored at least for the duration of the contract with you. If entitlements to claims arise from the contract we store the data for the respective limitation period according to the applicable law. Personal data that is processed based on our legitimate interest, will be stored as long as it is covered by such legitimate interest. The storage period in such cases is determined by the necessity of the establishment, exercise or defense of legal claims (Article 17(3)(e) of GDPR), e.g., to have proof for a defense against unjustified claims within the respective statute of limitations by users who have verifiably violated our terms of use.

7. Other Information You Provide. We collect the following types of personally identifiable information: your contact information (such as name, postal or email address, or phone number), username and password, purchase history on our Platform, game play preferences (such as an interest in a particular type of game or genre), information you provide by interacting with us through social media, and photographs that you submit on our Platform or through our social media channels. By submitting a photograph, you waive any rights thereto and authorize us to copyright, use and publish the same in print or electronically for any lawful purpose.

8. Information We Automatically Collect. We and our affiliates, analytics or service providers, and third party companies with whom we have marketing relationships, use technologies such as cookies, beacons, tags, and scripts, to analyze trends, administer the Site, track users’ movements around the Site, and gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual or aggregated basis.

   • Analytics. When you visit our Platform, we automatically collect the following types of information: information about the devices you use to access the Internet (such as the IP address and the device, browser, and operating system type), URLs that refer you to our Platform and the dates and times of your visits, information on your gaming behavior on our Platform (e.g., page views, paths you take through our Sites, frequency of visits, referring/exit pages), general geographic location information (e.g., country) that shows where you are when browsing our Sites, search terms that you enter to reach our Sites or enter on our Sites to find products, and the fact that you opened one of our emails. We utilize analytics services to help us track the efficacy of our Platform and help us learn more about our users’ behavior.

   • Information We Receive from Third Parties. As previously noted, you can play Kongregate games through third party consoles or third party social media sites such as Facebook. When you play these 3rd Party Platform Games, backend system vendors may collect and share your information with us such as player IDs, session information, and purchase data, as well as personal information including email address, gender, and birthday and/or age range. Because such services are offered through a third party, this collection of information is governed the applicable third party’s privacy policy.

   • Tailored Advertising. Advertising allows us to provide many free-to-play Services. Third-party advertising companies serve ads on our behalf across the Internet. Such advertising partners have a legitimate interest to collect and profile personal data in the form of IP address and cookie ID from users on our Site in order to provide targeted online advertising and ad measurement.

   • Cookies. As further described in our Cookie Policy, we automatically collect information through cookies and other similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to recognize you and/or your device(s). Cookies are small text files stored by your Web browser on your computer, phone, tablet, or other device used to browse our Platform. Cookies allow us to identify and authenticate visitors, track behavior, and enable important site features. We also contract with analytics services and third-party advertising companies to collect similar information for specific purposes. Please note that companies delivering advertisements on our Services may also use cookies or other technologies as described below in the section “Third Party Advertising and User Acquisition Partners” and those practices are subject to those companies’ own policies. You can control cookies through your browser settings and other tools. For more information on cookies, please see our Cookie Policy.

2. WITH WHOM WE SHARE YOUR PERSONAL DATA.

1. Service Providers. We may use third party service providers to perform services for us such as to provide the infrastructure and IT services (including but not limited to data storage), process credit and debit card transactions, to provide customer services, collecting debt analysis and improve data and process customer inquiries and perform other statistical analyzes. In the performance of these services, the third party vendors may have access to your personal data but are only authorized to process it strictly on our behalf and in accordance with our instructions.

2. Third Party Advertising and User Acquisition Partners. We have advertising on our Services so we can offer continue to offer many of our Services for free. Subject to your settings, we provide certain information to advertisers who will use them to serve you with ads in our Platform, and we measure who sees and clicks on their ads. We may also use aggregate information to monitor usage of our Services in order to help us improve and develop our Services, and we may provide such aggregate information to third parties, e.g., content partners or advertisers. This aggregate information does not include personal data and cannot be linked to you. When advertisers, ad networks or user acquisition partners place ads in our Services, they may collect or we may share the following types of information from within our Services:

   • performance data (like the number of clicks on an advertisement);
   • aggregated and/or de-identified information about you and other players collectively that is not intended to specifically identify you (like players between the ages of 21 and 25 who live San Francisco);
   • certain technical information (for example, IP addresses, non-persistent device identifiers such as IDFAs, and de-identified persistent device identifiers such as a hashed Android ID);
   • your social network ID;
   • and other contextual data about your game play (for example, your level and session length).

   The information collected may be used to:

   • measure how effective ads are, to offer you targeted advertising in order to personalize your experience by showing you advertisements for products and services that are more likely to appeal to you (a practice known as behavioral advertising), and/or
   • undertake web analytics (e.g., Google Analytics which is used to analyze traffic and other player activity to improve your experience).

   Advertisers or ad networks may collect this information through the use of tracking technologies like browser cookies and web beacons. After clicking on a third party advertisement, you may no longer be on our Platform. The third party sites are operated by companies that are outside of our control, and your activities at those sites will be governed by the policies and practices of those third parties. We encourage you to review the list of third party advertising and user acquisition partners and their privacy policies before disclosing any personally identifiable information, as we are not responsible for the privacy practices of those sites.

3. Offer Walls. Our Services may display an “offer wall” that is hosted by an offer wall provider. The offer wall allows third-party advertisers to provide virtual currency to players in exchange for interacting with an advertisement or for completing a marketing offer that may include signing up for an account with one of those advertisers. After clicking on one of these offers, you will no longer be on a site hosted by Kongregate or the social network through which you are playing Kongregate games. To properly credit player accounts and to prevent fraud, a unique identifier, in some cases your Kongregate user name/ID, will be shared with the offer wall provider.

4. 3rd Party Developers. Most of the games on our Platforms are created by 3rd party developers. These 3rd party developers may request, by using Kongregate’s SDK and APIs, certain publicly visible information about users that play their games, e.g., your username, your user_id (a numeric ID associated with your account that persists even if a username is changed) In order to fix bugs. The legal basis of this processing is Article 6(1)(b) of GDPR.

5. Third Parties for Security or Other Legitimate Reasons. We may also disclose your personal data to third parties, if we reasonably believe that disclosure of such personal data is necessary:

   • to comply with valid legal obligations including subpoenas, court orders, governmental requests or search warrants, and as otherwise authorized by law. The legal basis of this processing is Article 6(1)(c) of GDPR.
   • to protect our rights, property, or the safety of our customers, employees or the general public.. The legal basis of this processing is Article 6(1)(f) of GDPR.
   • to protect against fraudulent, malicious, abusive, unauthorized or unlawful use of our Services and to protect our network, services, devices and users from such use. The legal basis of this processing is Article 6(1)(f) of GDPR. We have an interest to provide our Services without fraud. This interest outweighs the user’s interest in not having personal data processed.
   • to advance or defend against complaints or legal claims. The legal basis of this processing is Article 6(1)(f) of GDPR. We have an interest to defend against complaints or legal claims. This interest outweighs the user’s interest in not having personal data processed.
   • to determine credit risk. The legal basis of this processing is Article 6(1)(f) of GDPR. We have an interest to assess credit risks in order to protect our economic interest. This interest outweighs the user’s interest in not having personal data processed.
   • or to obtain payment for our Services. The legal basis of this processing is Article 6(1)(b) of GDPR.
   • to outside auditors and regulators in case of legal obligations. The legal basis of this processing is Article 6(1)(c) of GDPR.

6. Intra-Group Transfers. We may disclose your personal data to other companies within our parent company if it is necessary for the provision of our Services to you (the legal basis of this processing is Article 6(1)(b) of GDPR). If you have agreed thereto, we may also disclose your personal data to affiliate companies owned or operated by our parent company for marketing purposes (the legal basis of this processing is Article 6(1)(a) of GDPR). The affiliate companies who may have access to your personal data follow practices consistent with this Privacy Policy.

7. Corporate Transaction, Reorganization or Bankruptcy. In the event of a change of control, sale of some or all of our business or assets, corporate reorganization or bankruptcy, we would share the pertinent customer information (which may include your personal information) with the other business entity (or entities) involved in the transaction. In such an event, we would notify you via email and/or a prominent notice on our Platform of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information. The legal basis of this processing is Article 6(1)(f) of GDPR.

8. Legal Compliance. We may disclose information upon governmental request, in response to a court order, or when required by law to do so. The legal basis of this processing is Article 6(1)(c) of GDPR.

9. Disclosure under California Consumer Privacy Act of 2018 (“CCPA”). We do not rent or sell personal information collected by or from any Service or portion of a Service that is directed to Children or where we know that the user is a Child. For the portions of our Services that are directed to audiences who are not Children, we do not sell identifying information such as name, email address, phone number, or postal address, but we may share identifiers such as cookies and the advertising identifier associated with your mobile device with our advertising partners, and those partners may use and share those identifiers to show ads that are targeted to your interests. If this takes place, these disclosures may constitute a “sale” under California law.

   In the preceding twelve (12) months, we have not sold any personal information, but we have disclosed the following categories of personal information for a business purpose:

   Category A: Identifiers.
   Category B: California Customer Records personal information categories.
   Category D: Commercial Information.
   Category F: Internet or other similar network activity.
   Category G: Geolocation data.

3. HOW LONG WE RETAIN YOUR PERSONAL DATA

We keep your information only so long as we need it to provide our Services to you and fulfill the purposes described in this Privacy Policy. We do periodic status checks to review when personal data needs to be deleted. However, as we process your personal data for various purposes, the actual period for which the personal data will be stored will depend on the circumstances.

PLEASE BE ADVISED THAT IF YOU HAVE NOT LOGGED-IN OR USED OUR SERVICES FOR A CONSECUTIVE PERIOD OF AT LEAST THREE (3) OR FOUR (4) YEARS, AS APPLICABLE, YOUR INFORMATION MAY BE DELETED AUTOMATICALLY AND WITHOUT FURTHER NOTICE IN ACCORDANCE WITH THIS PRIVACY POLICY. Starting on or around July 1, 2022, we will automatically delete any user data and close the Account of any user who has been inactive and has not logged in on any of our Platforms for at least three (3) consecutive years IF such user (A) has not spent any money on our Services, AND (B) has not accumulated any achievements, badges, Kongpanions etc. We will automatically delete user data and close the Accounts of all other users who do not meet the criteria specified in (A) and (B) above when such users have been inactive and have not logged in on any of our Platforms for at least four (4) consecutive years.

When we no longer need to use your information and there is no need for us to keep it to comply with our legal or regulatory obligations, we will either remove it from our systems or depersonalize it so that we cannot identify you. Notwithstanding the foregoing, we may retain certain financial-related information, esp. if you have made purchases within the Services, for up to seven (7) years after such purchase in compliance with U.S. law and certain contractual legal data for up to ten (10) years after the termination or expiration of the obligations or even after you have closed your account with us if this is necessary to comply with legal requirements or to exercise, defend or establish legal rights.

While we endeavor to honor your requests related to your personal data, we may not be fully able to honor the request until a later time or we may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

• Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
• Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
• Debug products to identify and repair errors that impair existing intended functionality;
• Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
• Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
• Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent;
• Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us;
• Comply with a legal obligation; and/or
• Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

4. HOW WE PROTECT YOUR INFORMATION

We strive to maintain the security of your personal information through a variety of security measures. Safeguarding your personal data is a priority for us. Personal data that you provide to us is stored on secure servers, and we use rigorous procedures to protect against loss, misuse, unauthorized access, alteration, disclosure, or destruction of your personal data. Although we work hard to protect your personal data, please note that no system can be guaranteed to be 100% secure. Therefore, while we strive to employ reasonable protections for your information that are appropriate to its sensitivity, we cannot guarantee that our safeguards will prevent every unauthorized attempt to access, use or disclose personal data, and we cannot guarantee or warrant the security of the information you share with us and we cannot be responsible for the theft, destruction, loss or inadvertent disclosure of your information.

It is important for you to protect against unauthorized access to any login or password information, and to your computer or device. To minimize the risk of having your account being compromised, we recommend that you set up your account password using unique numbers, letters and special characters. Do not disclose passwords to others. Please notify us of any password compromises and change passwords periodically to maintain account protection. To learn more about how to protect yourself online, we encourage you to visit the government’s website at www.onguardonline.gov.

5. OUR POLICIES CONCERNING CHILDREN.

Our Services are Not Designed for Children. Our Services, Platform and 3rd Party Platform Games are generally designed for and directed at people 18 years of age or older. No one under the age of 13 within the United States (or up to the age of 16 for children located in certain European countries)(collectively, “Children”) may provide any personal information to us, and we do not knowingly collect information from Children except in connection with the following Apps which Kongregate has designated as directed to Children (collectively, our “Children-Appealing Games”).

For our limited collection of Children-Appealing Games, we recognize a special obligation to further protect personal information collected from Children. We urge parents to instruct their children to never give out their real names, addresses or phone numbers without permission. Some of the features of our Children-Appealing Games are age-gated so that they are not available for use by Children. When we intend to collect personal information from Children, we take additional steps to protect children’s privacy, including:

• In accordance with applicable law, and our practices, obtaining consent from parents for the collection of personal information from their children, or for sending information about our Services directed to Children;
• Limiting our collection of personal information from Children to no more than is reasonably necessary to participate in an online activity; and
• Giving parents access or the ability to request access to personal information we have collected from their Children and the ability to request that the personal information be changed or deleted.

For additional information about our practices regarding Children’s personal information, please read our Children’s Privacy Policy.

With the exception of a handful or so of our Children-Appealing Games, Children should not attempt to create an account or send any of your information to us, including your name, address, telephone number or email address. If Kongregate learns that we have collected personal information from Children without verification of parental consent in contravention of these measures, we will terminate access to the account immediately and will take all reasonable measures to delete such information from its databases and to not use such information for any purpose (except where necessary to protect the safety of the child or other as required or allowed by law). If you believe that we might have any information from or about Children, please contact us at [email protected].

Right to Remove Posted Information — California Minors. If you are under 18 years of age, reside in California, and have a registered account on the Platform, or through the 3rd Party Platform Games, you have the right to request removal of unwanted information that you publicly post on the Platform, or through the 3rd Party Platform Games. To request removal of such information, you can contact Kongregate using the email address associated with your account at [email protected] stating that you reside in California. Upon receiving such a request, Kongregate will make sure that the information is not publicly available on our Platform, or through our 3rd Party Platform Games.

6. YOUR RIGHTS AND OPTIONS.

We understand that you may at times need further information from us regarding your personal data and how it is processed or that you may wish to update or correct the personal data you have provided us with. Your rights under GDPR include the following:

1. Right to access your personal data. You have the right to obtain confirmation from us as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and information.
2. Right to rectification of personal data. If you find that personal data that we process about you is inaccurate, you have the right to have us correct such personal data.
3. Right to restriction of processing. Under certain circumstances, such as if you question the accuracy of your personal data or you have objected to our legitimate purpose to process your personal data, you have the right to request that we restrict the processing of your personal data until a solution has been found.
4. Right to erasure of personal data (“right to be forgotten”). Under certain circumstances, such as if your personal data has been unlawfully processed or you have withdrawn your consent (if the processing of your personal data is based on consent), you have the right to request and obtain erasure of your personal data from us, subject to certain exceptions. Please also note that any requests for removal do not ensure complete or comprehensive removal of the content or information from the Services. For example, content that you have posted may be republished or reposted by another user or third party.
5. Notification regarding rectification or erasure of personal data or restriction of processing. We shall communicate any rectification or erasure of personal data or restriction of processing carried to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request it.
6. Right to data portability. If your personal data is processed by automated means based on your consent or for the fulfilment of our contractual relationship, you have the right to request that we provide you with your with personal data on a machine-readable format for transmission to another data controller.
7. Right to object to processing. Under certain circumstances, such as if you question our legitimate interest to process your personal data, you have the right to object, on grounds relating to your particular situation, to such processing.
8. Right to revoke the declaration of consent. You have the right to revoke your data protection declaration of consent at any time. Revocation of your consent does not affect the legality of the processing that has taken place on the basis of your consent until revocation.
9. We do not use automated decision making processes. While you would have the right not to be subject to a decision based solely on automated processing which produces legal effects of similarly significantly affects you, this would not apply for our Platform as we do not use automated individual decision-making.
10. Right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint regarding our processing of your personal data with the supervisory authority of your place of residence, place of work or place of the alleged infringement.
11. Non-Discrimination. At the risk of stating the obvious, we want to be clear that we will not discriminate against you for exercising any of your CCPA rights or other privacy rights. Unless permitted by CCPA, we will not take any discriminatory actions, including, denying you goods or services, charging you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties; providing you a different level or quality of goods or services; or suggesting that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

Please submit a request using this form in respect of your rights. We will use commercially reasonable efforts to respond to your request within 30 days of receiving such request. If we cannot honor your request within the 30-day period, we will let you know the reasons why and when we expect to be able to fulfill your request.

If our processing of your personal data is based on your consent, you have the right to withdraw such consent at any time (this will however not affect the processing based on your consent before its withdrawal) by using this form or by updating the settings in our Services (where applicable).

• Updating Your Profile. If you wish to review, edit or delete information you have provided to Kongregate, you may access your account information on the Site at any time by clicking on your username at the top of the Site homepage. We retain and use your information as necessary as described in “How Long We Retain Your Personal Data.”
• Opting Out of Promotional Emails from Kongregate. If you are receiving Kongregate promotional emails due to prior consent and no longer wish to receive those email messages, you may opt out at the time you receive the message by following the instructions in that email, clicking on the unsubscribe link in our emails or contacting us at [email protected]. You will continue to receive non-marketing-related emails (e.g., material changes to the privacy policy, issues with the Platform or compromised data access).
• Opting Out of App Notifications. Kongregate Apps may send push notifications to your mobile device to provide game information, news, updates, or other relevant information. You can manage these updates from the “settings” page from within the App or from your device control panel that manages these notifications.

• Opting Out of Social Media Platform. If you wish to edit or manage the information Kongregate receives from a social media platform, you need to follow the applicable instructions at the specific social media site. For example, Facebook’s relevant policy in this regard can be found here. Please note that once Kongregate receives any personal information from a social media site as a result of a user playing 3rd Party Platform Games, it will be stored and handled in accordance with this Privacy Policy.

• Opting Out of Geolocation. In order to improve and optimize our Service continuously, we use mobile tracking technologies. With the help of these services, we collect data on the usage of our Apps to be able to constantly improve our Services. In this respect, we may collect: IP address, which is anonymized right away, MAC address, anonymized Device ID (IDentifier For Advertisers (IDFA)) or Google Advertiser ID (GAID), browser type, language settings, internet service provider, network status, time zone, URL of the entry and exit pages, date of access and time spent, clickstream data, and other statistical information about the use of our Services. If you have previously allowed us to access your geolocation data, you can stop making geolocation available to us by visiting your mobile device’s settings for the relevant application or the “settings” page for the relevant App.

  The collection and storing of the data can at any time be disabled with effect for the future as follows:

  • In the case of an Apple device: Open the settings of your mobile device (e.g. iPhone or iPad) and select the menu item “Privacy.” Under “Advertising,” you can turn off the Ad Tracking.
  • In the case of Android devices: Open the settings in your App list and tap on the “Ad” button. When the Ad window has opened, you can deactivate the Google Advertising ID.

• Opting Out of Third Party Tailored Advertising.If you are interested in more information about tailored advertising and your choices to prevent third parties from delivering tailored web and mobile web advertising you may visit the following websites:

  • Network Advertising Initiative Consumer Opt-Out Page or the Digital Advertising Alliance Opt-Out Page for U.S.-based advertising; and
  • Your Online Choices UK website for EU-based advertising.
  • In addition, if you do not want to receive tailored in-application advertisements from third parties that relate to your interests in apps on your mobile device, you may opt-out by adjusting the ad tracking settings on your device. You can also reset the “Advertising Identifier” (like an IDFA) from your mobile device’s “settings” page, which will prevent continued use of existing behavioral data tied to the previous “Advertising Identifier.”
  • Further, depending on the platform provider (such as Apple or Google), you may be able to download apps, such as the Digital Advertising Alliance’s “AppChoices” app, that offer to provide you with control regarding the collection and use of cross-app data for tailored advertising.

  Please note this does not opt you out of being served ads. While you do have choices to limit personalized ads that are tailored to your interests, you may receive generic ads. These opt-out tools are not provided by Kongregate but provided by third parties.

• Opting Out of Analytics. We use internal and third party analytics tools, including Google Analytics. The third party analytics companies we work with may collect and store data related to our Site, enabling the creation of user profiles under pseudonyms. These user profiles serve to analyze visitor behavior and are evaluated in order to improve and design our offer so as to meet the demands. Their collection and use of information is subject to their own privacy policies. You may opt-out of Google Analytics by following this link.
• Controlling CookiesIn order to design our Services in the most user-friendly manner for you, we, as well as many other companies, also use persistent and session cookies and web beacons and other similar technologies. You can manage many companies’ cookies used for online advertising via the consumer choice tools created under self-regulation programs in many countries, such as the U.S.-based aboutads.info choices page, Canada-based www.youradchoices.ca or the EU-based Your Online Choices. If you do not want cookies to be stored on your computer or wish to be informed of their storage, you can prevent the installation of cookies by declining to accept cookies or managing cookies in your web browser. However, we would like to point out that by preventing cookies, you may find that you cannot use all of our Platform’s functions to the full extent. For more information on our Cookie Policy, please read here.
• Contests, Sweepstakes and Promotions. From time to time, we may provide you the opportunity to participate in contests, sweepstakes, surveys and/or other promotions on our site. If you participate, we will request certain personally identifiable information from you as provided in the terms of the corresponding promotion. We may use a third party service provider to conduct these surveys or contests; in those cases, that company will be prohibited from using our users’ personally identifiable information for any other purpose.
• California Privacy Rights. California Civil Code Section 1798 allows California residents to ask companies with whom they have an established business relationship to provide certain information about the companies’ sharing of personal information with third parties for direct marketing purposes. California customers who wish to request further information about our compliance with this law or have questions or concerns about our privacy practices may contact us at [email protected] or by writing to the address provided under “Questions, Concerns or Requests” below.
• Do Not Track. Do Not Track is a concept that has been promoted by regulatory agencies such as the U.S. Federal Trade Commission (FTC), for the Internet industry to develop and implement a mechanism for allowing Internet users to control the tracking of their online activities across websites by using browser settings. At this time, there is no general agreement on how companies such as ours should interpret Do Not Track signals. Kongregate does not currently respond to Do Not Track signals, whether that signal is received on a computer or on a mobile device. You can learn more about Do Not Track here.

7. TRANSFER OUT OF EUROPE

IMPORTANT INFORMATION FOR EUROPEAN USERS: When you use our Services, your data may be sent to the United States and possibly other countries.

The personal data that we collect from you may be transferred to and stored at a destination outside the European Economic Area (“EEA”) and Switzerland, including at destinations that are not subject to a decision by the European Commission establishing an adequate level of protection of personal data. Currently, our servers are in the United States. Your personal data can be shared with other companies owned by our parent company, processed by staff working for us or for one of our suppliers, or shared with certain third parties who may be located outside the EEA and Switzerland. We will take all reasonable necessary steps, including entering into data processing agreements using standard contractual clauses, to ensure that your personal data is treated securely and in accordance with this Privacy Policy and have adopted appropriate safeguards to protect it.

8. DATA PROTECTION OFFICER.

Kongregate is the “controller” in line with GDPR and other applicable data protection laws. Our external data protection officer is:

Prof. Dr. Christian Rauda
GRAEF Rechtanswälte Digital PartG mbB
Jungfrauenthal 8
20140 Hamburg, Germany
Email:[email protected]
Website: www.graef.eu

9. QUESTIONS, CONCERNS OR REQUESTS.

For questions, concerns or requests regarding the Privacy Policy or the use of personal information you submit to us, please contact us at:

Kongregate Inc.
10680 Treena Street, Suite 155
San Diego, CA 92131
Email: [email protected]

THIRD PARTY ADVERTISING AND USER ACQUISITION PARTNERS

We use the following user acquisition and advertising partners, that are integrated into our Platform. Please check the following privacy policies to learn more about their privacy practices, including how you may exercise your data subject rights.

This list was last updated on March 9, 2022.