ESRB Online Privacy Policy

Last updated October 11, 2019

Our Privacy Commitment

Protecting personal information online is one of the core values of the Entertainment Software Rating Board (“ESRB”). As a trusted privacy seal provider since 2001, we are committed to respecting the privacy rights of our online visitors and recognize the importance of protecting all information that you may choose to share with us. To further this commitment, we have adopted this Online Privacy Policy (“Privacy Policy”) to be transparent about how we collect, maintain, use, and share the information you provide us through our websites, esrb.org and esrbrating.org(the “Websites”).

Chart of Online Information Practices

A complete chartof the information we may collect from you through the Websites, how we collect it, the reason we collect it, how long we keep it, and whether we share it with third parties is provided in the following chart:

 

Email Update Sign-up

Info CollectedManner of and Reason for CollectionLawful Basis for CollectionRetention PeriodDisclosure to Third Parties
Email and first nameYou can input your email address to sign up for email updates from us. When you sign up for email updates, you also have the option of providing us with your first name.You voluntarily provide us this info, and we process it consistent with our legitimate interestsWe keep this info unless and until you unsubscribe from the updates.Unless we have a legal obligation to do so, we will not share this info with any third parties, except our service providers and processors.

 

Our email updates are powered by third-party Mailchimp®. To review Mailchimp®’s privacy practices, please see the “Privacy for Contacts” section of its privacy policy.

 

Online Contact Forms
Name (first and last); email address; and countryIf you would like to send us a question, comment or complaint, we require you to provide this information to us so that we can reach back out to you if necessary. We will also require you to confirm you have read and agree to this Privacy Policy before we will let you submit your info.You voluntarily provide us this info, and we process it consistent with our legitimate commercial interests.We keep this info for the longer of 12 months or until we have adequately addressed your inquiry or complaint.If you submit a valid complaint to ESRB Privacy Certified, all records pertaining to the complaint are maintained for 3 years by statute.Unless we have a legal obligation to do so or it is necessary to address your question or complaint, we will not share this info with any third parties, except our service providers and processors.

 

Submissions by Rating Customers
Company; contact name; company contact info (address; phone number; email address)You are required to provide this info when you create an account to submit a computer or video game or mobile app to be rated.You voluntarily provide us this info, and we process it consistent with our legitimate commercial interests and contractual requirements.We maintain a permanent record of all info we receive in connection with a rating.Unless we have a legal obligation to do so, we will not share this info with any third parties, except potentially service providers and processors.

 

Credit Card Info (credit card number, cardholder name, expiration, CVV, and billing info)You have the option of paying for our rating service with a credit card, in which case we would need to collect this info from you.You voluntarily provide us this info, and we process it consistent with our legitimate commercial interests and contractual requirements.We temporarily retain the cardholder’s name and the last four digits of the card number for operational purposes.This info is shared with ESRB’s merchant services provider to process payment.
Tracking Technologies
For info about the use of tracking technologies, including cookies and pixels on our Websites, please click here.

Table of Contents

What information does this Privacy Policy cover?

This Privacy Policy applies only to information collected on or after the Last Updated date of this Privacy Policy and only to information collected on the Websites. It does not apply to any other information collected by ESRB through any other means, including information that may be collected by ESRB offline. Nor does it apply to ESRB’s mobile application or any other websites or online services maintained by ESRB or by any of ESRB’s international affiliates. Finally, this Privacy Policy does not apply to any websites or other online services maintained by other companies or organizations to which ESRB links. ESRB is therefore not responsible for the content or activities provided on those websites or other online services. We encourage you to review the privacy policies of all third-parties and exercise caution in connection with them.

Back to Top

How do we define personal information?

We define personal information as information that can be used to identify or contact you (such as your full name, address, telephone number, or email address), account numbers (such as credit card or bank account numbers), and unique technical information (such as your IP address and other unique persistent identifiers).

Back to Top

How do we handle personal information of children?

The Websites are for adults and businesses only.

Parents, we take the privacy of children seriously, and we encourage you to take an active role in protecting your children’s privacy and online experiences at all times. ESRB complies with the Children’s Online Privacy Protection Act (“COPPA”), a U.S. law designed to protect users under the age of 13 online. We also comply with the European Union’s General Data Protection Regulation (“GDPR”), which includes certain protections for users under the age of 18 and additional protections for users under the age of 16.  We do not knowingly collect personal information from children. If you believe that we may have unintentionally collected personal information from your child, please contact us utilizing the contact information below. If we confirm we have collected personal information from a child under the age of 16, we will delete that information from our systems.

Back to Top

What information do we collect on the Websites?

For ease of reference, a complete chart of the information collected on the Websites is provided above.  Below we further explain what we collect, how we collect it, the reasons we collect it, how long we keep it, and whether we share it with third parties.  We also explain how and why information is collected by third parties utilizing cookies and pixels.

Personal and Demographic Information You Provide to Us

We only collect personal and demographic information that you provide to us. Specifically, through the Websites, you can provide us with the following personal and/or demographic information:

  • Email Updates: If you choose to sign up for email updates from us, you will be required to provide us with your email address and you will have the option to also provide us your first name.
  • User Inquiries, Comments and Complaints: You may use our online contact form to send us questions, comments and complaints. The online contact form will require you to provide us with your name; email address; your country; and information regarding your question, comment or complaint. You may also tell us if you are a parent. You will be required to confirm that you agree to this Privacy Policy before submitting this information.
  • Rating Customers: If you are a video game or app publisher and would like to submit a video game or app to be rated by ESRB, you will required to provide us with the name of your company, the first and last name of the primary contact person at the company, an email address, telephone number, street or postal address, credit card information (optional), and information about the game or app you would like rated.

Back to Top

Are tracking technologies and cookies used to collect information?

Cookies

We use Google Analytics to provide web analytics data about how our Websites are used, including to identify the website that linked you to our Websites. To provide this information, Google Analytics places a cookie on your web browser. We have configured Google Analytics so that none of the information it collects consists of or is linked to personal information belonging to you.

Moreover, videos appearing on the Websites are hosted by YouTube, which enables third-party cookies and ad tags from DoubleClick (Google) the moment a user visits one of the Websites. Google may use these cookies and tags to track you on the Websites and across other sites.

You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You can do this through the settings in your browser (e.g., Google Chrome, Microsoft Edge or Mozilla Firefox). Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies. If you turn cookies off, some of the features of the Websites might not function properly.

For more information about the third-party cookies on the Websites, including your opt-out choices, please refer to our chart below.

CookieTypeThird-Party Privacy PolicyIndustry Opt-Out OptionsGoogle Opt-Out Options
DoubleClickAdvertisinghttp://www.google.com/policies/technologies/ads/; https://support.google.com/dfp_premium/answer/2839090?hl=enDAA:http://optout.aboutads.info/#!/

NAI:http://optout.networkadvertising.org/#!/

https://support.google.com/ads/answer/2662922?hl=en
Google AnalyticsAnalytics n/ahttps://tools.google.com/dlpage/gaoptout;https://support.google.com/analytics/answer/181881?hl=en

 

Pixels

A pixel is a piece of code installed on a website.  Our Websites have Facebook and Twitter pixels installed, which Facebook and Twitter utilize to serve targeted ads.  Facebook and Twitter collect various information about you through the pixels, including information about your activity on our Websites.  For our use, Facebook and Twitter use this information to provide us with targeted audiences to serve our ads.  However, ESRB does not receive any personal data from Facebook and Twitter about you or the target audience.

To learn more about Twitter’s privacy policies, please click here. To learn more about Facebook’s privacy policies, please click here.  To learn how to opt out of the collection of this information for targeted advertising, please visit http://www.aboutads.info/choicesor http://www.youronlinechoices.eu/.

Do Not Track (DNT) Disclosure

Your browser may allow you to set a “do not track” (DNT) signal indicating that you do not wish your online activity to be tracked. Currently, our system does not support and cannot act on DNT signal headers that we may receive. However, the choices that we provide you concerning collection and use of your personal information will continue to operate as described in this Privacy Policy.

Social Links

The Websites also include links to ESRB’s Facebook and Twitter pages and gives you the ability to share content from the Websites on Facebook, Twitter or LinkedIn. If you click on these links, you will leave the Websites. This Privacy Policy does not apply to any third-party sites. Those sites are subject to Facebook’s, Twitter’s and LinkedIn’s, respective, privacy policies.  Please review them carefully.

Back to Top

How is your information used?

We may use your information for various operational purposes. For example, we may use your information to send you administrative communications, including any future changes to this Privacy Policy. In addition, as discussed further below, we may utilize your information to send you email updates; address your inquiries, comments or complaints; or fulfill requests to rate a game or app.

Email Updates

Our email updates are powered by third-party Mailchimp®.  To review Mailchimp®’s privacy practices, please see the “Privacy for Contacts” section of its privacy policy. If you choose to sign up, we will utilize your email address and, if provided, first name, to send you email updates.

You voluntarily provide us with this information, and we process it consistent with our legitimate interests. If you prefer not to disclose the information, you will still be able to utilize the Websites, but you will not be able to sign up for email updates.

We retain this information unless and until you unsubscribe from our email updates, or you otherwise contact us to request that we delete this information.

User Inquiries, Comments and Complaints

If you contact us using one of our online contact forms to submit a question, comment or complaint, we utilize the information you provide us to best address your complaint or inquiry. For example, if you submit a complaint about a video game retailer, we contact that retailer on your behalf to attempt to resolve your complaint. If you contact us with an inquiry or complaint regarding a rating assigned to a video game or app, we will either do our best to address your inquiry or complaint ourselves (if you are in North America), or we will advise you of the organization best suited to do so (if you are outside North America).

You voluntarily provide us with this information, and we process it consistent with our legitimate interests. If you prefer not to disclose the information, you will still be able to utilize the Websites, but you will not be able to submit a complaint, make an inquiry, or otherwise contact us through the Websites.

Except as set forth in the next sentence or in the unusual circumstance when additional time is needed to adequately address your inquiry or complaint, we will delete your email after 12 months. If your complaint is directed at ESRB Privacy Certified and concerns a member of the Privacy Certified program’s failure to abide by the Privacy Certified program requirements, your email and any other documents relating to your complaint will be retained for 3 years by statute.

Rating Customers

Sections of the Websites are dedicated to ESRB’s business function of rating computer and video games and online apps. If you are a video game or app publisher and you submit a video game or app to be rated by ESRB, we utilize the personal and business information you provide us to rate the video game or app you submit to us, to maintain a historical record of the rating, and to obtain payment for our rating services.

We consider this to be a legitimate commercial interest that justifies our collection of your information.  Moreover, our collection may be necessitated by our contractual obligations to provide and track ratings, all of which is in the public’s interest. However, the decision whether to provide the information to us, belongs to you. If you prefer not to disclose the information, you will still be able to utilize the Websites, but you will not be able to submit a game or app for rating.

Except for the credit card information used for payment, we maintain the information obtained in connection with a rating, including the personal and business information you provide us, in a database. Because our rating of a game or app does not expire, we maintain this information indefinitely, meaning we will not delete it.

We do not store your credit card information, except the last 4 digits of the credit card number and the cardholder’s name. We maintain this information only as long as necessary to satisfy its operational purpose.

Back to Top

When do we share your information?

As set forth below, whether and when we share your information depends on the type of information.

Email Updates

Our email updates are powered by third-party Mailchimp®. To review Mailchimp®’s privacy practices, please see the “Privacy for Contacts” section of its privacy policy.

Unless we have a legal obligation to do so or it is necessary to address your complaint, we will not share this information with any third parties, except our service providers and processors.

User Inquiries, Comments and Complaints

Unless we have a legal obligation to do so or it is necessary to address your question or complaint, we will not share this information with any third parties, except our service providers and processors.

Rating Customers

We do not share with any third parties the personal information you provide us when you create a publisher account to submit a video game or app to be rated by ESRB, except as otherwise provided in this Privacy Policy or if you choose to pay for our service by credit card through one of the Websites.  If you choose to pay for our rating service by credit card through one of the Websites, your credit card and billing information is securely sent to our merchant services provider to process payment. Our merchant services vendor is required to maintain the confidentiality of your credit card information and is prohibited from using it for any other purpose.

Aggregate Information

We may take your personal information and make it non-personally identifiable, either by combining it with information about other individuals (aggregating your information with information about other individuals) or by removing characteristics (such as your name) that make the information personally identifiable to you (anonymizing your information). Given the nature of this information, no restrictions apply under this Privacy Policy on our right to aggregate or anonymize your personal information, and we may use and share the anonymized information in any way with third parties.

Mergers, Acquisitions, etc.

If we sell or otherwise transfer part or the whole of ESRB or our assets to another organization (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), your personal information and any other information collected through our Websites may be among the items sold or transferred. The buyer or transferee will be required to honor the commitments we have made in this Privacy Policy.

Disclosures Required By Law and Disclosures to Help Protect the Security and Safety of Our Websites and Others

We may disclose personal information (a) in the good faith belief that we are required to do so by law; (b) if doing so is reasonably necessary to comply with legal process; (c) to respond to any claims; or (d) to protect the rights, property, or personal safety of ESRB, users, or the public.

Back to Top

What kinds of security measures do we take to safeguard your personal information?

The security and confidentiality of your information is extremely important to us. We use robust security measures to protect user information from loss, misuse and alteration. We use industry-standard practices such as encrypted communications, physically secured rooms, firewalls, and password protection systems to safeguard the confidentiality of your personal information. Despite our best efforts, no security measure is ever perfect or impenetrable. If we learn that your unencrypted personal information has been compromised by a data breach, we will notify you consistent with applicable laws.

Back to Top

How can you review, update, or delete your personal information?

You may have the right to access, update, and request the deletion of information you have previously provided to us; request a portable copy of your personal information; or object to our processing of your personal information, which you may do by emailing us at privacy@esrb.org. However, if your personal information is being maintained pursuant to a contractual or other legal obligation, we may not be required to honor your request.

Back to Top

What are your California Privacy Rights?

California Civil Code § 1798.83 permits users of our Websites who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. If you are a California resident and you have questions about how your information may have been shared, you may contact us at:

ESRB
ATTN: VP, Privacy Certified
420 Lexington Avenue, Suite 2240
New York, NY 10170
privacy@esrb.org

Back to Top

Do we self-certify under the EU-U.S. and Swiss-U.S. Privacy Shield Framework?

The Websites are hosted by SG Hosting, Inc. (a/k/a SiteGround) on a server located in the United States.  SiteGround is certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce.  To learn more about the Privacy Shield program, and to view SiteGround’s certification, please visit https://www.privacyshield.gov/.  Additionally, SiteGround utilizes standard data protection clauses to safeguard information transferred outside of the EU.  For more information about SiteGround’s practices, please click here.

In addition, ESRB has certified that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view ESRB’s certification, please visit https://www.privacyshield.gov/.

In compliance with the Privacy Shield Principles, ESRB commits to resolve complaints about our collection or use of your personal information. For data protection matters within the European Union, we have retained Adaptant Solutions AG (“Adaptant AG”) to serve as our EU Representative pursuant to Article 27 of the GDPR.  For data protection matters within the United Kingdom, we have retained Adaptant Services Ltd. (“Adaptant Ltd.”). You may contact Adaptant AG or Adaptant Ltd. via email at compliance-esrb@adaptant.ioor at the following address:

For the EU:

Adaptant Solutions AG
Rosenheimer Str. 139
81671 Munich
Germany

For the UK:
Adaptant Services Ltd.
Kemp House, 160 City Road
London EC1V 2NX
United Kingdom

You may also submit an online inquiry directly through the following online contact form: https://www.adaptant.io/contacts-locations/.

If a European Union, United Kingdom or Swiss individual’s complaint cannot be resolved by us or Adaptant, we will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website. JAMS mediation may be commenced as provided for in the relevant JAMS rules, and at no cost to you. Under certain conditions, a European Union, United Kingdom or Swiss individual may also pursue binding arbitration through the Privacy Shield Panel.

Additionally, at any time, a European Union, United Kingdom or Swiss individual may submit a complaint directly to his or her local data protection authority. Moreover, ESRB is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

For more information about filing a complaint, click here.

ESRB may be liable for the onward transfer of an EU, UK or Swiss individual’s personal data to third parties that process personal data in a manner inconsistent with the Privacy Shield Principles, unless ESRB proves that it is not responsible for the event giving rise to the damage.

Back to Top

How can you ask questions, or send us comments, about this Privacy Policy?

If you have questions or wish to send us comments about this Privacy Policy, or the processing of your personal information, please contact us at:

ESRB
ATTN: VP, Privacy Certified
420 Lexington Avenue, Suite 2240
New York, NY 10170
Via email:  privacy@esrb.org

Or our EU Representative at:

Adaptant Solutions AG
Rosenheimer Str. 139
81671 Munich
Germany
Via email: compliance-esrb@adaptant.io
Via online contact form: https://www.adaptant.io/contacts-locations/

Or our UK Representative at:

Adaptant Solutions Ltd.
Kemp House, 160 City Road
London EC1V 2NX
United Kingdom
Via email: compliance-esrb@adaptant.io
Via online contact form: https://www.adaptant.io/contacts-locations/

Back to Top

How will you know if we amend this Privacy Policy?

We may amend this Privacy Policy at any time. If we make any material changes in the way we collect, use, or disclose your personal information, we will notify you by prominently posting notice of the changes on the Websites. If we make any material changes to this Privacy Policy that retroactively impact the way in which we use or disclose personal information already collected from you, we will attempt to notify you by email and seek your consent to those changes.

Back to Top