Last updated October 11, 2019
Our Privacy Commitment
Chart of Online Information Practices
A complete chart of the information we may collect from you through the Websites, how we collect it, the reason we collect it, how long we keep it, and whether we share it with third parties is provided in the following chart:
|Info Collected||Manner of and Reason for Collection||Lawful Basis for Collection||Retention Period||Disclosure to Third Parties|
|Email Update Sign-up|
|Email and first name||You can input your email address to sign up for email updates from us. When you sign up for email updates, you also have the option of providing us with your first name.||You voluntarily provide us this info, and we process it consistent with our legitimate interests||We keep this info unless and until you unsubscribe from the updates.||Unless we have a legal obligation to do so, we will not share this info with any third parties, except our service providers and processors.|
|Online Contact Forms|
|Submissions by Rating Customers|
|Company; contact name; company contact info (address; phone number; email address)||You are required to provide this info when you create an account to submit a computer or video game or mobile app to be rated.||You voluntarily provide us this info, and we process it consistent with our legitimate commercial interests and contractual requirements.||We maintain a permanent record of all info we receive in connection with a rating.||Unless we have a legal obligation to do so, we will not share this info with any third parties, except potentially service providers and processors.|
|Credit Card Info (credit card number, cardholder name, expiration, CVV, and billing info)||You have the option of paying for our rating service with a credit card, in which case we would need to collect this info from you.||You voluntarily provide us this info, and we process it consistent with our legitimate commercial interests and contractual requirements.||We temporarily retain the cardholder’s name and the last four digits of the card number for operational purposes.||This info is shared with ESRB’s merchant services provider to process payment.|
|For info about the use of tracking technologies, including cookies and pixels on our Websites, please click here.|
Table of Contents
- How do we define personal information?
- How do we handle personal information of children?
- What information do we collect on the Websites?
- Are tracking technologies and cookies used to collect information?
- How is your information used?
- When do we share your information?
- What kinds of security measures do we take to safeguard your personal information?
- How can you review, update, or delete your personal information?
- What are your California Privacy Rights?
- Do we self-certify under the EU-U.S. and Swiss-U.S. Privacy Shield Framework?
How do we define personal information?
We define personal information as information that can be used to identify or contact you (such as your full name, address, telephone number, or email address), account numbers (such as credit card or bank account numbers), and unique technical information (such as your IP address and other unique persistent identifiers).
How do we handle personal information of children?
The Websites are for adults and businesses only.
Parents, we take the privacy of children seriously, and we encourage you to take an active role in protecting your children’s privacy and online experiences at all times. ESRB complies with the Children’s Online Privacy Protection Act (“COPPA”), a U.S. law designed to protect users under the age of 13 online. We also comply with the European Union’s General Data Protection Regulation (“GDPR”), which includes certain protections for users under the age of 18 and additional protections for users under the age of 16. We do not knowingly collect personal information from children. If you believe that we may have unintentionally collected personal information from your child, please contact us utilizing the contact information below. If we confirm we have collected personal information from a child under the age of 16, we will delete that information from our systems.
What information do we collect on the Websites?
For ease of reference, a complete chart of the information collected on the Websites is provided above. Below we further explain what we collect, how we collect it, the reasons we collect it, how long we keep it, and whether we share it with third parties. We also explain how and why information is collected by third parties utilizing cookies and pixels.
Personal and Demographic Information You Provide to Us
We only collect personal and demographic information that you provide to us. Specifically, through the Websites, you can provide us with the following personal and/or demographic information:
- Email Updates: If you choose to sign up for email updates from us, you will be required to provide us with your email address and you will have the option to also provide us your first name.
- Rating Customers: If you are a video game or app publisher and would like to submit a video game or app to be rated by ESRB, you will required to provide us with the name of your company, the first and last name of the primary contact person at the company, an email address, telephone number, street or postal address, credit card information (optional), and information about the game or app you would like rated.
Are tracking technologies and cookies used to collect information?
We use Google Analytics to provide web analytics data about how our Websites are used, including to identify the website that linked you to our Websites. To provide this information, Google Analytics places a cookie on your web browser. We have configured Google Analytics so that none of the information it collects consists of or is linked to personal information belonging to you.
Moreover, videos appearing on the Websites are hosted by YouTube, which enables third-party cookies and ad tags from DoubleClick (Google) the moment a user visits one of the Websites. Google may use these cookies and tags to track you on the Websites and across other sites.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You can do this through the settings in your browser (e.g., Google Chrome, Microsoft Edge or Mozilla Firefox). Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies. If you turn cookies off, some of the features of the Websites might not function properly.
For more information about the third-party cookies on the Websites, including your opt-out choices, please refer to our chart below.
|Google Analytics||Analytics||n/a||https://tools.google.com/dlpage/gaoptout; https://support.google.com/analytics/answer/181881?hl=en|
A pixel is a piece of code installed on a website. Our Websites have Facebook and Twitter pixels installed, which Facebook and Twitter utilize to serve targeted ads. Facebook and Twitter collect various information about you through the pixels, including information about your activity on our Websites. For our use, Facebook and Twitter use this information to provide us with targeted audiences to serve our ads. However, ESRB does not receive any personal data from Facebook and Twitter about you or the target audience.
To learn more about Twitter’s privacy policies, please click here. To learn more about Facebook’s privacy policies, please click here. To learn how to opt out of the collection of this information for targeted advertising, please visit http://www.aboutads.info/choices or http://www.youronlinechoices.eu/.
Do Not Track (DNT) Disclosure
How is your information used?
You voluntarily provide us with this information, and we process it consistent with our legitimate interests. If you prefer not to disclose the information, you will still be able to utilize the Websites, but you will not be able to sign up for email updates.
We retain this information unless and until you unsubscribe from our email updates, or you otherwise contact us to request that we delete this information.
User Inquiries, Comments and Complaints
If you contact us using one of our online contact forms to submit a question, comment or complaint, we utilize the information you provide us to best address your complaint or inquiry. For example, if you submit a complaint about a video game retailer, we contact that retailer on your behalf to attempt to resolve your complaint. If you contact us with an inquiry or complaint regarding a rating assigned to a video game or app, we will either do our best to address your inquiry or complaint ourselves (if you are in North America), or we will advise you of the organization best suited to do so (if you are outside North America).
You voluntarily provide us with this information, and we process it consistent with our legitimate interests. If you prefer not to disclose the information, you will still be able to utilize the Websites, but you will not be able to submit a complaint, make an inquiry, or otherwise contact us through the Websites.
Except as set forth in the next sentence or in the unusual circumstance when additional time is needed to adequately address your inquiry or complaint, we will delete your email after 12 months. If your complaint is directed at ESRB Privacy Certified and concerns a member of the Privacy Certified program’s failure to abide by the Privacy Certified program requirements, your email and any other documents relating to your complaint will be retained for 3 years by statute.
Sections of the Websites are dedicated to ESRB’s business function of rating computer and video games and online apps. If you are a video game or app publisher and you submit a video game or app to be rated by ESRB, we utilize the personal and business information you provide us to rate the video game or app you submit to us, to maintain a historical record of the rating, and to obtain payment for our rating services.
We consider this to be a legitimate commercial interest that justifies our collection of your information. Moreover, our collection may be necessitated by our contractual obligations to provide and track ratings, all of which is in the public’s interest. However, the decision whether to provide the information to us, belongs to you. If you prefer not to disclose the information, you will still be able to utilize the Websites, but you will not be able to submit a game or app for rating.
Except for the credit card information used for payment, we maintain the information obtained in connection with a rating, including the personal and business information you provide us, in a database. Because our rating of a game or app does not expire, we maintain this information indefinitely, meaning we will not delete it.
We do not store your credit card information, except the last 4 digits of the credit card number and the cardholder’s name. We maintain this information only as long as necessary to satisfy its operational purpose.
When do we share your information?
As set forth below, whether and when we share your information depends on the type of information.
Unless we have a legal obligation to do so or it is necessary to address your complaint, we will not share this information with any third parties, except our service providers and processors.
User Inquiries, Comments and Complaints
Unless we have a legal obligation to do so or it is necessary to address your question or complaint, we will not share this information with any third parties, except our service providers and processors.
Mergers, Acquisitions, etc.
Disclosures Required By Law and Disclosures to Help Protect the Security and Safety of Our Websites and Others
We may disclose personal information (a) in the good faith belief that we are required to do so by law; (b) if doing so is reasonably necessary to comply with legal process; (c) to respond to any claims; or (d) to protect the rights, property, or personal safety of ESRB, users, or the public.
What kinds of security measures do we take to safeguard your personal information?
The security and confidentiality of your information is extremely important to us. We use robust security measures to protect user information from loss, misuse and alteration. We use industry-standard practices such as encrypted communications, physically secured rooms, firewalls, and password protection systems to safeguard the confidentiality of your personal information. Despite our best efforts, no security measure is ever perfect or impenetrable. If we learn that your unencrypted personal information has been compromised by a data breach, we will notify you consistent with applicable laws.
How can you review, update, or delete your personal information?
You may have the right to access, update, and request the deletion of information you have previously provided to us; request a portable copy of your personal information; or object to our processing of your personal information, which you may do by emailing us at firstname.lastname@example.org. However, if your personal information is being maintained pursuant to a contractual or other legal obligation, we may not be required to honor your request.
What are your California Privacy Rights?
California Civil Code § 1798.83 permits users of our Websites who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. If you are a California resident and you have questions about how your information may have been shared, you may contact us at:
ATTN: VP, Privacy Certified
420 Lexington Avenue, Suite 2240
New York, NY 10170
Do we self-certify under the EU-U.S. and Swiss-U.S. Privacy Shield Framework?
The Websites are hosted by SG Hosting, Inc. (a/k/a SiteGround) on a server located in the United States. SiteGround is certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce. To learn more about the Privacy Shield program, and to view SiteGround’s certification, please visit https://www.privacyshield.gov/. Additionally, SiteGround utilizes standard data protection clauses to safeguard information transferred outside of the EU. For more information about SiteGround’s practices, please click here.
In compliance with the Privacy Shield Principles, ESRB commits to resolve complaints about our collection or use of your personal information. For data protection matters within the European Union, we have retained Adaptant Solutions AG (“Adaptant AG”) to serve as our EU Representative pursuant to Article 27 of the GDPR. For data protection matters within the United Kingdom, we have retained Adaptant Services Ltd. (“Adaptant Ltd.”). You may contact Adaptant AG or Adaptant Ltd. via email at email@example.com or at the following address:
For the EU:
Adaptant Solutions AG
Rosenheimer Str. 139
For the UK:
Adaptant Services Ltd.
Kemp House, 160 City Road
London EC1V 2NX
You may also submit an online inquiry directly through the following online contact form: https://www.adaptant.io/contacts-locations/.
If a European Union, United Kingdom or Swiss individual’s complaint cannot be resolved by us or Adaptant, we will cooperate with JAMS pursuant to the JAMS International Mediation Rules, available on the JAMS website. JAMS mediation may be commenced as provided for in the relevant JAMS rules, and at no cost to you. Under certain conditions, a European Union, United Kingdom or Swiss individual may also pursue binding arbitration through the Privacy Shield Panel.
Additionally, at any time, a European Union, United Kingdom or Swiss individual may submit a complaint directly to his or her local data protection authority. Moreover, ESRB is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
For more information about filing a complaint, click here.
ESRB may be liable for the onward transfer of an EU, UK or Swiss individual’s personal data to third parties that process personal data in a manner inconsistent with the Privacy Shield Principles, unless ESRB proves that it is not responsible for the event giving rise to the damage.
ATTN: VP, Privacy Certified
420 Lexington Avenue, Suite 2240
New York, NY 10170
Via email: firstname.lastname@example.org
Or our EU Representative at:
Or our UK Representative at: