loader image

ESRB Online Privacy Policy

Last updated April 1, 2018

Our Privacy Commitment

Protecting personal information online is one of the core values of the Entertainment Software Rating Board ("ESRB"). As a trusted privacy seal provider since 2001, we are committed to respecting the privacy rights of our online visitors and recognize the importance of protecting all information that you may choose to share with us. To further this commitment, we have adopted this Online Privacy Policy ("Privacy Policy") to be transparent about how we collect, maintain, use, and share the information you provide us through our website, www.esrb.org (the "Website").

A complete chart of the information we may collect from you through the Website, how we collect it, the reason we collect it, how long we keep it, and whether we share it with third parties is provided in the following chart:

Information Collected Manner of Collection Reason for Collection Lawful Basis for Collection Retention Period Whether Disclosed to Third Parties
User Inquiries/Complaints
Name A user can input this information in one or more forms, or send it to ESRB via email through the Website. This information is collected to allow a user to submit a complaint about a retailer, or to otherwise contact ESRB with a comment or complaint, a question about a rating, about a research report, or with a general inquiry. ESRB's legitimate commercial interests This information is kept for the longer of 12 months or until the user's inquiry or complaint has been adequately addressed. If a user submits a valid complaint to ESRB Privacy Certified, all records pertaining to the complaint are maintained for 3 years by statute. This information is not shared with any third parties, except if ESRB has a legal obligation to do so or if necessary to address a user complaint.
Email A user can input this information in one or more forms, or send it to ESRB via email through the Website. This information is collected to allow a user to submit a complaint about a retailer, or to otherwise contact ESRB with a comment or complaint, a question about a rating, about a research report, or with a general inquiry. ESRB's legitimate commercial interests This information is kept for the longer of 12 months or until the user's inquiry or complaint has been adequately addressed. If a user submits a valid complaint to ESRB Privacy Certified, all records pertaining to the complaint are maintained for 3 years by statute. This information is not shared with any third parties, except if ESRB has a legal obligation to do so or if necessary to address a user complaint.
Country A user can input this information in one or more forms. This information is collected to allow a user to contact ESRB with a comment or complaint, a question about a rating, about a research report, or with a general inquiry. ESRB's legitimate commercial interests This information is kept for the longer of 12 months or until the user's inquiry or complaint has been adequately addressed. This information is not shared with any third parties, except if ESRB has a legal obligation to do so or in limited circumstances when ESRB contacts the user to seek consent and the user provides consent.
Rating Customers
Company Name A user can input this information in one or more forms. This information is collected when a publisher creates an account to submit a computer or video game or app to be rated. Because this information is not personal, ESRB does not need a lawful basis to collect it. Indefinitely Because this information is not personal, it may be shared with third parties at ESRB's discretion.
Contact Name A user can input this information in one or more forms. This information is collected when a publisher creates an account to submit a computer or video game or app to be rated. ESRB's legitimate commercial interests and contractual necessity Indefinitely This information is not shared with any third parties, except if ESRB has a legal obligation to do so.
Company Contact Information (company postal address, phone number, email address) A user can input this information in one or more forms. This information is collected when a publisher creates an account to submit a computer or video game or app to be rated. ESRB's legitimate commercial interests and contractual necessity Indefinitely This information is not shared with any third parties, except if ESRB has a legal obligation to do so.
Credit Card Information (credit card number, cardholder name, expiration date, CVV/CVS, and billing information) A user can input this information in a form. This information is collected to allow a publisher to pay for ESRB's rating service. ESRB's legitimate commercial interests and contractual necessity We temporarily retain the cardholder's name and the last four digits of the card number for operational purposes. This information is shared with ESRB's merchant services provider to process payment.

This Privacy Policy confirms that our Website submits to the terms of ESRB's Privacy Certified Program. ESRB's Privacy Certified Program is designed to ensure that the information collection, use, and disclosure practices related to members' websites, mobile applications and other online services are transparent, lawful and adhere to industry-established best practices. To protect your privacy, we have voluntarily undertaken this privacy initiative. Our Website has been reviewed and certified by ESRB Privacy Certified. As part of this privacy program, we are subject to audits of our Website, as well as other enforcement and accountability mechanisms.

Table of Contents


What information does this Privacy Policy cover?

This Privacy Policy applies only to information collected on or after the Last Updated date of this Privacy Policy and only to information collected on the Website. It does not apply to any other information collected by ESRB through any other means, including information that may be collected by ESRB offline. Nor does it apply to ESRB's mobile application or any other websites or online services maintained by ESRB or by any of ESRB's international affiliates. Finally, this Privacy Policy does not apply to any websites or other online services maintained by other companies or organizations to which ESRB links. ESRB is therefore not responsible for the content or activities provided on those websites or other online services. We encourage you to review the privacy policies of all third-parties and exercise caution in connection with them.


How do we define personal information?

We define personal information as information that can be used to identify or contact you (such as your full name, address, telephone number, or email address), account numbers (such as credit card or bank account numbers), and unique technical information (such as your IP address and other persistent identifiers).


How do we handle personal information of children?

The Website is for adults and businesses only.

Parents, we take the privacy of children seriously, and we encourage you to take an active role in protecting your children's privacy and online experiences at all times. ESRB complies with the Children's Online Privacy Protection Act ("COPPA"), a U.S. law designed to protect users under the age of 13 online. We also comply with the European Union's General Data Protection Regulation ("GDPR"), which includes certain protections for users under the age of 18 and additional protections for users under the age of 16. We do not knowingly collect personal information from children. If you believe that we may have unintentionally collected personal information from your child, please contact us utilizing the contact information below. If we confirm we have collected personal information from a child under the age of 16, we will delete that information from our systems.


What information do we collect on the Website?

For ease of reference, a complete chart of the information we collect on the Website is provided above. Below we further explain what we collect, how we collect it, the reasons we collect it, how long we keep it, and whether we share it with third parties.

Personal and Demographic Information You Provide to Us

We only collect personal and demographic information that you provide to us. Specifically, through the Website, you can provide us with the following personal and/or demographic information:

  • User Inquiries/Complaints: If you choose to submit a complaint against a computer or video game retailer or to otherwise contact us with an inquiry or complaint, you will be required to provide us with your name; email address; in some cases, your country; and information regarding your inquiry or complaint; and

  • Rating Customers: If you are a video game or app publisher and would like to submit a video game or app to be rated by ESRB, you will need to provide us with the name of your company, the first and last name of the primary contact person at the company, an email address, telephone number, street or postal address, credit card information (optional), and information about the game or app you would like rated.


Are tracking technologies and cookies used to collect information?

Cookies

We use Google Analytics to provide web analytics data about how our Website is used, including to identify the website that linked you to our Website. To provide this information, Google Analytics places a cookie on your web browser. None of the information collected by Google Analytics consists of or is linked to personal information belonging to you.

Moreover, videos appearing on the Website are hosted by YouTube, which enables third-party cookies and ad tags from DoubleClick (Google) the moment a user visits the Website. If a user clicks on an embedded YouTube video, third-party cookies from Google Dynamic Remarketing and Google AdWords Conversion are also enabled. Google may use these cookies and tags to track you on the Website and across other sites.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You can do this through the settings in your browser (e.g., Google Chrome, Microsoft Edge or Mozilla Firefox). Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies. If you turn cookies off, some of the features of the Website might not function properly.

For more information about the third-party cookies on the Website, including your opt-out choices, please refer to our chart below.

Do Not Track (DNT) Disclosure

Your browser may allow you to set a "do not track" (DNT) signal indicating that you do not wish your online activity to be tracked. Currently, our system does not support and cannot act on DNT signal headers that we may receive. However, the choices that we provide you concerning collection and use of your personal information will continue to operate as described in this Privacy Policy.

Social Links

The Website also includes links to ESRB's Facebook and Twitter pages. If you click on the Facebook or Twitter links, you will be directed to ESRB's pages on those third-party websites. This Privacy Policy does not apply to the Facebook and Twitter sites. Those sites are subject to Facebook's and Twitter's, respective, privacy policies.


How is your information used?

We may use your information for various "Operational" purposes. For example, we may use your information to send you administrative communications either about your account with us or about features of our Website, including any future changes to this Privacy Policy.

In addition, as discussed further below, we may utilize your information to address your inquiries or complaints, or fulfill requests to rate a game or app.

User Inquiries/Complaints

If you choose to submit a complaint against a computer or video game retailer or to otherwise contact us with an inquiry or complaint, we utilize the information you provide us to best address your complaint or inquiry. For example, if you submit a complaint about a video game retailer, we contact that retailer on your behalf to attempt to resolve your complaint. If you contact us with an inquiry or complaint regarding a rating assigned to a video game or app, we will either do our best to address your inquiry or complaint ourselves (if you are in North America), or we will advise you of the organization best suited to do so (if you are outside North America).

We consider this to be a legitimate interest that justifies our collection of your information; however, the decision whether to provide the information to us belongs to you. If you prefer not to disclose the information, you will still be able to utilize the Website, but you will not be able to submit a complaint, make an inquiry, or otherwise contact us through the Website.

We retain only the email from you that provides your information and sets forth your complaint or inquiry. Your personal information is not stored in a database or otherwise maintained by us. Except as set forth in the next sentence or in the unusual circumstance when additional time is needed to adequately address your inquiry or complaint, we will delete your email after 12 months. If your complaint is directed at ESRB Privacy Certified and concerns a member of the Privacy Certified program's failure to abide by the Privacy Certified program requirements, your email and any other documents relating to your complaint will be retained for 3 years by statute.

Rating Customers

Sections of the Website are dedicated to ESRB's business function of rating computer and video games and online apps. If you are a video game or app publisher and you submit a video game or app to be rated by ESRB, we utilize the personal and business information you provide us to rate the video game or app you submit to us, to maintain a historical record of the rating, and to obtain payment for our rating services.

We consider this to be a legitimate commercial interest that justifies our collection of your information. Moreover, our collection may be necessitated by our contractual obligations to provide and track ratings. However, the decision whether to provide the information to us, belongs to you. If you prefer not to disclose the information, you will still be able to utilize the Website, but you will not be able to submit a game or app for rating.

Except for the credit card information used for payment, we maintain the information obtained in connection with a rating, including the personal and business information you provide us, in a database. Because our rating of a game or app does not expire, we maintain this information indefinitely, meaning we will not delete it.

We do not store your credit card information, except the last 4 digits of the credit card number and the cardholder's name. We maintain this information only as long as necessary to satisfy its operational purpose.


When do we share your information?

As set forth below, whether and when we share your information depends on the type of information.

User Inquiries/Complaints

We do not share with any third parties the personal information you provide us when you contact us with a complaint or inquiry, except if ESRB has a legal obligation to do so, if necessary to address a user complaint, or as otherwise set forth in this Privacy Policy.

Rating Customers

We do not share with any third parties the personal information you provide us when you create a publisher account to submit a video game or app to be rated by ESRB, except as otherwise provided in this Privacy Policy or if you choose to pay for our service by credit card through the Website. If you choose to pay for our rating service by credit card through the Website, your credit card and billing information is securely sent to our merchant services provider to process payment. Our merchant services vendor is required to maintain the confidentiality of your credit card information and is prohibited from using it for any other purpose.

Aggregate Information

We may take your personal information and make it non-personally identifiable, either by combining it with information about other individuals (aggregating your information with information about other individuals) and/or by removing characteristics (such as your name) that make the information personally identifiable to you (anonymizing your information). Given the nature of this information, no restrictions apply under this Privacy Policy on our right to aggregate or anonymize your personal information, and we may use and share the anonymized information in any way with third parties.

Mergers, Acquisitions, etc.

If we sell or otherwise transfer part or the whole of ESRB or our assets to another organization (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), your personal information and any other information collected through our Website may be among the items sold or transferred. The buyer or transferee will be required to honor the commitments we have made in this Privacy Policy.

Disclosures Required By Law and Disclosures to Help Protect the Security and Safety of Our Website and Others

We may disclose personal information (a) in the good faith belief that we are required to do so by law; (b) if doing so is reasonably necessary to comply with legal process; (c) to respond to any claims; or (d) to protect the rights, property, or personal safety of ESRB, users, or the public.


What kinds of security measures do we take to safeguard your personal information?

The security and confidentiality of your information is extremely important to us. We use robust security measures to protect user information from loss, misuse and alteration. We use industry-standard practices such as encrypted communications, physically secured rooms, firewalls, and password protection systems to safeguard the confidentiality of your personal information. Despite our best efforts, no security measure is ever perfect or impenetrable. If we learn that your unencrypted personal information has been compromised by a data breach, we will notify you consistent with applicable laws.


How can you review, update, or delete your personal information?

You may have the right to access, update, and request the deletion of information you have previously provided to us; request a portable copy of your personal information; or to object to our processing of your personal information, which you may do by emailing us at privacy@esrb.org. However, if your personal information is being maintained pursuant to a contractual or other legal obligation, we may not be required to honor your request.


What are your California Privacy Rights?

California Civil Code § 1798.83 permits users of this Website who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. We do not disclose your personal information to third parties for their direct marketing purposes. However, if you are a California resident and you believe your information has been disclosed or you have general questions about how your information may have been shared, you may contact us at:

ESRB

ATTN: VP, Privacy Certified

420 Lexington Avenue, Suite 2240

New York, NY 10170

privacy@esrb.org


Do we self-certify under the EU-U.S. and Swiss-U.S. Privacy Shield Framework?

Personal information collected on the Website will be stored and processed in the United States. For personal information transferred from a European Union member country or Switzerland to the United States, ESRB complies with the E.U.-U.S. and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. ESRB has certified that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view ESRB's certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, ESRB commits to resolve complaints about our collection or use of your personal information. European Union and/or Swiss individuals with inquiries or complaints regarding our Privacy Policy should contact us at privacy@esrb.org or regular mail at:

ESRB

ATTN: VP, Privacy Certified

420 Lexington Avenue, Suite 2240

New York, NY 10170

privacy@esrb.org

If a European Union or Swiss individual's complaint cannot be resolved through our internal process, we will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website. JAMS mediation may be commenced as provided for in the relevant JAMS rules, and at no cost to you. Under certain conditions, a European Union or Swiss individual may also pursue binding arbitration through the Privacy Shield Panel.

Additionally, at any time, a European Union or Swiss individual may submit a complaint directly to his or her local European Union data protection authority or the Swiss Federal Data Protection and Information Commissioner, as applicable. Moreover, ESRB is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

For more information about filing a complaint, click here.

ESRB may be liable for the onward transfer of EU or Swiss individual's personal data to third parties that process personal data in a manner inconsistent with the Privacy Shield Principles, unless ESRB proves that it is not responsible for the event giving rise to the damage.


How can you ask questions, or send us comments, about this Privacy Policy?

If you have questions or wish to send us comments about this Privacy Policy, or the processing of your personal information, please contact us at:

ESRB

ATTN: VP, Privacy Certified

420 Lexington Avenue, Suite 2240

New York, NY 10170

privacy@esrb.org


How will you know if we amend this Privacy Policy?

We may amend this Privacy Policy at any time. If we make any material changes in the way we collect, use, or disclose your personal information, we will notify you by prominently posting notice of the changes on the Website. If we make any material changes to this Privacy Policy that retroactively impact the way in which we use or disclose personal information already collected from you, we will attempt to notify you by email and seek your consent to those changes.