Customer (B2C) Privacy Notice

Your privacy is important to Asmodee Group, of which Zygomatic is one of the studios. This Privacy Notice explains how we handle and treat your personal data when you use the products or services that Asmodee provides.

This Privacy Notice explains our approach to any personal data that we collect from you or that we have obtained about you from a third party and the purposes for which we process your personal data. It also sets out your rights in respect of our processing of your personal data.

We may collect personal data from you in the course of our business, including when you use our applications and websites, when you enter in our competitions or participate in tournaments, or when you contact or request information from us.

1. Who is responsible for your personal data?

2. Minimum age

3. What personal data do we collect about you?

4.How do we use your personal data?

5. Who do we disclose your personal data to?

6. How long do we retain your personal data?

7. Security of your personal data

8. What are your rights?

9. Contact and complaints

10. Changes to this Privacy Notice


1. Who is responsible for your personal data?

ASMODEE GROUP, a French “Société par actions simplifiée à associé unique” with registered office at 18 rue Jacqueline Auriol, Quartier Villaroy, 78280 Guyancourt, registered with the Commerce and Companies Register of Versailles under number 399 899 806 (“Asmodee” or “we”) is the controller of your personal data.

2. Minimum age

Protecting the safety and privacy of children is very important to us. We do not knowingly collect or use personal data from anyone under the age of 15 years old, without the consent of both the child and the holder of parental responsibility. Therefore, you represent that you are at least 15 years old or above when you provide your personal data in relation to our products or services. If you are not at least 15 years old, you must ask the consent of your parent or legal guardian to provide us with your personal data. In this case, please contact the contact details indicated in Article 9 below.

3. What personal data do we collect about you?

We collect information regarding you, such as:

  • Identification data such as your first and last names and your birthdate,
  • Data relating to your personal life such as your personal email or postal address,
  • Your connection data when you access our applications and websites,
  • Your personal habits with respect to the use of our games,
  • Your food preferences in the context of a tournament where we provide foods to participants, and
  • Other information necessary to provide our products and services, and to respond to your queries.

4. How do we use your personal data?

We use your personal data for the purposes listed below. Whenever we process your personal data, we do so on the basis of a lawful “justification” (or lawful basis) for processing, which we have identified in the table below.

Purpose for processing Lawful basis
1 To fulfil your requests or complaints for certain products and services purchased. This processing is necessary to perform the contract between you and Asmodee.
2 To manage your personal account. This processing is necessary to perform the contract between you and Asmodee.
3 To administer promotional offers, contests or other promotional events, such as tournaments, and notify winners. This processing is necessary to perform the contract between you and Asmodee.
4 To respond to your queries. This processing is based on our legitimate interest in communicating with our customers and/or users of our games and/or our applications and websites.
5 To send you marketing communications regarding our services and products. We consider that we have a legitimate interest in ensuring that our customers are kept up to date with information about our products and services, as this helps us to preserve our business operations or grow our business.
However, where we are required by law to obtain your consent before sending you such information, we will rely upon such consent as our basis for processing.
6 To comply with any applicable law, court order, other judicial process, or the requirements of a regulator. This processing is necessary to comply with our legal obligations.
7 To enforce our agreements with you. We consider that we have a legitimate interest in ensuring that our contracts are performed correctly and in defending our rights where necessary.
8 To enforce our legal rights and obligations, and for any purposes in connection with any legal claims made by, against or otherwise involving you. We consider that we have a legitimate interest in protecting our organization from breaches of legal obligations owed to it and to defend itself from litigation.
9 To protect the rights of third parties. This processing is necessary for the compliance with legal obligations to which Asmodee is subject.
This processing is also necessary for the purpose of the legitimate interests pursued by Asmodee. We consider that we have a legitimate interest in ensuring our activities do not violate any third parties’ rights.
10 In contemplation of and/or in connection with a business transaction such as a merger, or a restructuring, or sale. We consider that we have a legitimate interest as we need to be able to make decisions relating to the future of our business in order to preserve our business operations or grow our business.

 

5. Who do we disclose your personal data to?

We may share your personal data with a variety of the following categories of third parties as necessary:

  • Other entities of the Asmodee group (the list of Asmodee affiliates is available here),
  • Third party service providers (maintenance, storage, payment, logistics, marketing services, etc.), for the purposes described in Section 3 above,
  • Our professional advisers such as lawyers and accountants, auditors,
  • Shareholders,
  • Government or regulatory authorities,
  • Professional indemnity or other relevant insurers,
  • Regulators/tax authorities/corporate registries, and
  • Banks.

Please note this list is non-exhaustive and there may be other examples where we need to share with other parties where justified by our legitimate interest, permitted by applicable law, or necessary for compliance with a legal obligation to which we are subject.

In this context, your personal data may be transferred outside the European Economic Area (EEA), to countries not offering a level of protection of personal data equivalent to that offered within the EEA, such as China, USA, Canada, etc. In the absence of an adequacy decision of the European Commission, the transfer of your personal data will be made pursuant to the standard contractual clauses adopted by the European Commission or pursuant to any other legal protection mechanism in accordance with applicable law.

6. How long do we retain your personal data?

Our general approach is to retain your personal data only for as long as required to fulfil the purposes for which it was collected. We generally retain your personal data for the duration strictly necessary for the management of our relationship with you. However, unless you object, we retain your personal data used for marketing purposes for an additional 3-years period after the end of our relationship with you.

However, we may in addition retain personal data for longer periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or where such data is necessary to establish the existence of a right or contract. In that case, your personal data will be archived and retained for the duration imposed by applicable law, or for the duration of the applicable statute of limitations.

When your personal data will no longer be necessary, we will delete or anonymize them.

7. Security of your personal data

We are committed to keeping your personal data secure and we have implemented appropriate information security policies, rules and technical measures to protect it from unauthorised access, improper use or disclosure, unauthorised modification and unlawful destruction or accidental loss.

All of our partners, employees, consultants, workers and data processors, who have access to, and are associated with the processing of personal data, are obliged to respect its confidentiality.

8. What are your rights?

You have a number of rights in relation to your personal data. More information about each of these rights is set out below:

  • Withdrawal of consent. You can withdraw at any time your consent in respect of any processing of personal data based on your consent, without affecting the lawfulness of processing based on your consent before its withdrawal.
  • Access. You can ask us to confirm whether we process your personal data and, as the case may be, inform you of the characteristics of such processing, allow you to access such data and give you a copy of it.
  • Rectification. You can ask us to rectify or complete inaccurate or incomplete personal data.
  • Erasure. You can ask us to erase your personal data in the following cases: where it is no longer necessary for the purposes for which it was collected; you withdrew your consent; you objected to the processing of your personal data; your personal data has been processed unlawfully; or to comply with a legal obligation. We are not required to comply with your request notably if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims.
  • Restriction. You can ask us to restrict the processing of your personal data (i.e., keep but not use your personal data) where: the accuracy of your personal data is contested; the processing is unlawful, but you do not want it erased; it is still necessary to establish, exercise or defend legal claims; to verify the existence overriding grounds following the exercise of your right of objection. We can continue to use your personal data following a request for restriction, where: we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
  • Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another data controller, but only where the processing is based on your consent or on the performance of a contract with you, and the processing is carried out by automated means.
  • Digital legacy. You have the right to define (general or specific) directives regarding the fate of your personal data after your death.
  • Objection to phone sollicitation. If you give your phone number but do not wish to receive commercial phone calls, you can register on the opt-out list “Bloctel”: www.bloctel.gouv.fr.
  • Right to object to processing justified on legitimate interest grounds. Where we are relying upon legitimate interest to process personal data (see Section 2), then you have the right to object to that processing. If you object, we must stop that processing unless we can either demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or where we need to process the data for the establishment, exercise or defense of legal claims.
  • Right to object to processing for marketing purposes. Where we process personal data for direct marketing purposes, then you have the right to object to that processing at any time.

You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes applicable law. In France, the supervisory authority for the protection of personal data is the CNIL (www.cnil.fr).

To exercise your rights regarding your personal data, please send us this duly completed form and send it to us at the contact details provided.

9. Contact and complaints

For further information regarding your rights, to exercise any of your rights, or if you have any complaints or questions regarding the processing of your personal data, please contact donneespersonnelles-group@asmodee.com

10. Changes to this Privacy Notice

We may occasionally change this Privacy Notice, for example, to comply with new requirements imposed by the applicable laws, technical requirements or good commercial practices. We will notify you in case of material changes.

Date of update : 03 – 24 – 2021