loader image

ESRB Online Privacy Policy

Last updated July 31, 2015

Our Privacy Commitment

Protecting personal information online is one of the Entertainment Software Rating Board ("ESRB")'s core values. As a trusted privacy seal provider since 1999, we're committed to respecting the privacy rights of our online visitors and recognize the importance of protecting all information that you may choose to share with us. To further this commitment, we have adopted this Online Privacy Policy ("Privacy Policy") to guide how we collect, store, and use the information you provide us.

This Privacy Policy confirms that our website submits to the terms of ESRB's Privacy Certified Program. ESRB's Privacy Certified Program is designed to ensure that a website's information collection, use, and disclosure practices are responsible and appropriate. To protect your privacy, we have voluntarily undertaken this privacy initiative and our website has been reviewed and certified by ESRB Privacy Certified to meet established online information collection and use practices. As part of this privacy program, we are subject to frequent audits of our website and other enforcement and accountability mechanisms.

Table of Contents

Q1. What information does this Privacy Policy cover?

A1. Please note that this Privacy Policy applies only to information collected on the website where this Privacy Policy is posted, and does not apply to any other information collected by ESRB through any other means. This Privacy Policy applies only to information submitted and collected online, and does not apply to information that may be collected by ESRB offline. This Privacy Policy applies only to websites maintained by ESRB, and not to our international affiliates, or any websites maintained by other companies or organizations to which we link. ESRB is therefore not responsible for the content or activities provided on those websites. We encourage you to review the privacy policies of all third-parties and exercise caution in connection with them.

This Privacy Policy applies to use and sharing of personal information collected on and after the date that this Privacy Policy is posted.

Finally, the terms of this Privacy Policy are subject to all applicable laws.

Q2. What types of information do we collect about our guests?

A2. Whatever the purpose may be, we will only collect information to the extent reasonably necessary to fulfill your requests and our legitimate business objectives.

Personal Information You Provide to Us

Personal information is information that can be used to identify and contact you (such as your full name, address, telephone number or email address). With the exception of your IP address (later defined), we do not collect any personal information about you unless you choose to provide it to us and we do not require personal information to access our website. However, if you prefer not to disclose personal information, you may not be able to access certain features of our website. To offer our guests certain features on our website, we collect several types of personal information.

All of the personal information we receive comes directly from our guests. We may collect the following non-technical pieces of personal information from you:

  1. First and last name

  2. Email address

  3. Mailing address

  4. Phone number

You may provide this information to us in order to engage in various activities such as contacting us with a general inquiry or complaint, filling out a retailer registration form, signing up for a free privacy risk assessment, newsletter, or otherwise requesting information about joining one of our programs (including ESRB Privacy Certified).


ESRB complies with the Children's Online Privacy Protection Act (COPPA), a federal law designed to protect users under the age of 13 ("children") online. We do not knowingly collect personal information from children. We take children's privacy seriously, and encourage parents to take an active role in protecting their children's privacy and online experience at all times. If you believe that we may have unintentionally collected personal information from your child, please contact us.

Demographic Information

We may also collect demographic information, which is anonymous information such as your country of residence and company or product name. If demographic information is collected at the same time as your personal information, we may combine the demographic information with your personal information. Combining data allows us to customize the content we provide you according to your interests and preferences. Demographic information is not considered personal information unless it is linked to personal information about a specific user. If you choose not to provide certain demographic information, you may not be able to access certain features on our website.

Additionally, we may collect aggregate information, which is anonymous data about individuals that is grouped together to study a group or category of services or users. Aggregate information is not considered personal information unless it is linked to personal information about a specific user.

Q3. Are tracking technologies and cookies used to collect information?

A3. We use tracking technologies and cookies to collect information from our website visitors.

Information Collected Through Technology

We collect information through technology to make our websites more interesting and useful to you. For example, when you use certain features on our websites, we collect your IP address. An IP address is often associated with the portal through which you enter the Internet, like your ISP (Internet service provider), your company, or your university. We may use IP addresses to collect information regarding searches our guests perform across the pages on our website and the pages they visit. We may combine this information with other personal information. We do not collect personally identifiable information about your online activities over time or across third-party websites or online services.


Our website also uses cookies. Cookies are pieces of information that a website sends to your computer while you are viewing the website. We use cookies for a variety of purposes. For example, when you return to some websites after logging in, cookies provide information to the website so that the website will remember who you are. You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You can do this through the settings in your browser (e.g., Internet Explorer or Mozilla Firefox). Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies. If you turn cookies off, you won't have access to many features that make your web experience smoother, like the features mentioned above, and some of our services may not function properly.

Third Parties

We use third party service providers to gather analytics within our web pages. This Privacy Policy does not apply to, and cannot control the activities of, these other companies. If you would like to learn more about the privacy practices of the third parties on our website, please refer to our chart below:

Company Name Category Privacy Choices
Google Advertising, Analytics http://www.google.com/intl/en/policies/privacy

Q4. How is your personally identifiable information used and shared?

A4. We do not share, sell, or rent your personal information to third parties without your consent. We do not require personal information to access our website. However, if you prefer not to disclose personal information, you may not be able to access certain features of our website.

Operational Uses

We may also use your personal information for other purposes such as "Operational Uses." For example, we may use your information to send you administrative communications either about your account with us or about features of our websites, including any future changes to this Privacy Policy.

We occasionally use other companies, agents or contractors to perform services necessary to our operations. For example, we have partnered with other companies to personalize our web pages, process credit card transactions, analyze customers' interaction with our website, and process consumer surveys. We also provide postal addresses to the U.S. Post Office for delivery purposes. In the course of providing such services, these companies may have contact with your personally identifying information. These entities have agreed to securely store and maintain the personal information received from us. Any vendors or partners with whom we may share personal information are permitted to obtain only the personal information they need to deliver the services requested. They are required to maintain the confidentiality of the information and are prohibited from using it for any other purpose.

Aggregate Information

Finally, we may take your personally identifiable information and make it non-personally identifiable, either by combining it with information about other individuals (aggregating your information with information about other individuals), or by removing characteristics (such as your name) that make the information personally identifiable to you (de-personalizing your information). Given the nature of this information, no restrictions apply under this Privacy Policy on our right to aggregate or de-personalize your personal information, and we may use and share in any way with third parties the resulting non-personally identifiable information.

Business Information

For practical reasons, we treat personal information submitted to us in a business capacity different from information we receive in a non-business capacity. Personal information submitted to us in a business capacity (e.g., resumes, event sponsorship, etc.) may be shared with third parties, depending on the nature of the inquiry. Although personal information collected in this capacity will be used solely for the purpose specified, such information is not subject to the terms of this Privacy Policy.

Disclosures Required By Law and Disclosures to Help Protect the Security and Safety of Our Websites and Others

We may disclose personal information (a) in the good faith belief that we are required to do so by law; (b) if doing so is reasonably necessary to comply with legal process; (c) to respond to any claims; (d) to enforce the terms and conditions of our website; or (e) to protect the rights, property, or personal safety of ESRB, users, or the public.

Q5. What kinds of security measures do we take to safeguard your personally identifiable information?

A5. The security and confidentiality of your information is extremely important to us. We use robust security measures to protect user information from loss, misuse and alteration. We use industry-standard practices such as encrypted communications, physically secured rooms, firewalls and password protection systems to safeguard the confidentiality of your personal information. We will notify users of a data breach involving unencrypted personal information by email or by posting a notice on the affected website. We also strive to limit access to personal information to employees performing a legitimate business function. We review our security procedures periodically to consider appropriate new technology and updated methods. However, despite our best efforts, no security measure is ever perfect or impenetrable.

Q6. How can you review, update, or delete your personal information?

A6. You can access and update information you have previously provided to us by emailing us at privacy@esrb.org.

Q7. Do California residents have special rights?

A7. Beginning on January 1, 2005, California Civil Code Section 1798.83 permits users of this website who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. However, as previously stated, we do not share information with third parties for their direct marketing purposes or otherwise, unless you affirmatively agree to such disclosure. However, if you believe your information has been shared or you have general questions about how your information may have been shared, you may contact us at:


ATTN: VP, Privacy Certified

420 Lexington Avenue, Suite 2024

New York, NY 10170


Q8. Do we self-certify under the US-EU Safe Harbor Framework?

A8. Personal information collected on our website is stored and processed in the United States. By using our website you consent to any such transfer of information outside of your country. ESRB complies with the U.S.-E.U. Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. ESRB has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access and enforcement. To learn more about the Safe Harbor program, and to view our certification, please visit http://www.export.gov/safeharbor/.

Q9. How can you ask questions, or send us comments, about this Privacy Policy?

A9. If you have questions or wish to send us comments about this Privacy Policy, please contact us at:


ATTN: VP, Privacy Certified

420 Lexington Avenue, Suite 2024

New York, NY 10170


Q10. How will you know if we amend this Privacy Policy?

A10. We may amend this Privacy Policy at any time. If we make any material changes in the way we collect, use, or share your personal information, we will notify you by sending you an email at the last email address that you provided us, or by prominently posting notice of the changes on the websites covered by this Privacy Policy. Any material changes to this Privacy Policy will be effective 30 days following our dispatch of an email notice to you or 30 days following our posting of notice of the changes on the Websites covered by this Privacy Policy.

Please note that, at all times, you are responsible for updating your personal information to provide us your current email address. If the last email address you provided us is not valid, or for any other reason is not capable of delivering to you the notice described above, our dispatch of the email containing such notice will nonetheless constitute effective notice of the changes described in the notice.