Legal and Privacy

1. Controller – Who are we?

We are Fortis Games. We determine the purpose and means of the processing operations described in this privacy policy, and we are therefore the ‘controller’ under applicable data protection laws, or the equivalent term in your region. Where this privacy policy refers to Fortis Games, “we”, “us” and “our”, this refers to the specific entity in the Fortis group, consisting of Fortis, LLC and its affiliates, subsidiaries and offices, with which you have a contractual relationship or have otherwise interacted. We have local representatives in several regions. For privacy-related questions, you can contact us via e-mail at privacy@fortisgames.com or as specified in the Contact Us section below. The Contact Us section also provides more information regarding our local representatives.

2. Personal Data – Which personal data do we process and how do we obtain these personal data?

The personal data we may process include, as applicable:

• Contact data: your name, e-mail address and telephone number;
• Demographic data: your age, gender and location (city, country and timezone);
• Profile data: your login credentials (username and password), unique user ID, public screen name, profile picture and avatar;
• Gameplay data: information about the Services you use (such as the relevant game name, version and language) and your use of the Services (such as the duration and time of your use of the Services, in-game actions and location, player level, game progress and results, collaboration and participation in teams, and participation in matches, battles, missions and other game events), as well as personal data required for specific settings or features of the Services (such as your wishlist, multiplayer and communication features, including in-game chat, voice chat, video chat and friend list);
• Transactional data: information about purchases, offers purchased and viewed, refunds, gift transactions, and related currency, payment and billing information, such as payment method, payment provider;
• Technical and traffic data: information about your hardware (such as device brand, model, device ID, language, available memory, power status or other device-related specifications), your operating system and settings, browser and network (such as network type, internet service provider, plugins, IP address), and technical information about your use of the Services (such as timestamps of your logins and in-Service activities, products and services viewed in the Services, URLs of visited, referring and exiting webpages, number of clicks, crash reports and traffic data);
• Marketing data: your opt-in/opt-out choices for receiving promotional messages, push notifications, in-game offers, personalized ads, advertising IDs, and information about your interactions with advertisements, such as impressions, clicks and views;
• Social Media data: information about your (linked) social media profile (such as Discord, Facebook, Twitch), your posts, comments, ‘likes’ and other interactions on social media platforms in relation to the Services;
• Security data: information required for security of the Services, such as multi-factor authentication, player reports, fraud detection mechanisms, anti-cheat monitoring, ban enforcement and security logs;
• Miscellaneous: Any other personal data you choose to provide to us, such as through email, a chat or messaging feature made available in the Services or online forms, surveys and other interactions with us.

Beyond collecting personal data directly from you, we may generate or collect from your device or browser and from third-party sources (also see the Cookies section below). Third-party sources through which we collect personal data include public sources, such as social media platforms, data analytics providers, advertising partners and game providers and publishers. The personal data we may receive from such third parties also include Marketing data and Social Media data as described above. We may furthermore receive personal data from parties with whom we share personal data, as listed below in the section Data Sharing – Who may receive your personal data?.

3. Legal Bases – What legal bases do we rely on?

Our goal is to process your personal data in accordance with the laws that apply to our use of it. Depending on your region, we rely on one or more of the following legal bases for the processing of personal data:

• performance of a contract – we may process personal data as necessary to enter into, fulfill or perform our contract with you;
• consent – we may rely on your consent, including where required by law or when no other legal basis can be relied upon. Where processing is based on consent, you have the right to withdraw your consent at any time;
• legitimate interests – we may process your personal data based on our or a third party’s legitimate interests, provided your rights do not outweigh these interests;
• compliance with legal obligations – we may process your personal data as necessary to comply with our legal obligations; or
• vital interests – we may process personal data to protect vital interests where it is necessary to protect the life or safety of you or another individual. This can for instance be relevant in situations of real-world threats of violence, abuse and situations involving emergency services.

4. Processing Purposes – For what purposes do we process personal data?

We process the personal data listed in the previous section for a variety of purposes as listed below.

• Services – We mainly process personal data to operate the Services to:
  • enable you to create, verify and manage your account;
  • determine the relevant settings and features of the Services based on age and location;
  • provide you with the Services, as well as customer service, technical support and assistance, and
  • facilitate your use of specific features the Services, such as location based services or voice chat;
  • communicate with you about the Services, including via e-mail alerts, and to communicate with you about your requests or comments regarding the Services;
  • and personalize your gameplay experience through the Services.

This is primarily based on the performance of our contractual relationship with you, and where required, based on your consent.

• Product and Services Development, Improvement and Testing – We process personal data for the development, troubleshooting and improvement of our Services to:
  • develop new products and services and to grant early access to individuals to such products and services;
  • enhance, troubleshoot and improve our Services;
  • manage alpha, beta or early access testing of our Services.

This is primarily based on our legitimate interests to further develop and improve our Services. We also process personal data for this purpose based on our contractual relationship with you.

• Marketing – We process personal data to advertise and market our Services and related products and services in order to:
  • promote our Services and related products and services through direct marketing (including based on individuals' preferences);
  • provide in-game personalised offerings to you, including in partnership with third parties;
  • enable your participation in contests and rewards programs;
  • organize events relating to our Services.

For advertising and marketing activities (i) we obtain your consent where required and (ii) we rely on our legitimate interests to pursue marketing activities where allowed.

• Tailored offers - We process personal data to tailor in-game offers based on your gameplay activity, such as:
  • special rewards depending on your progress;
  • rewards and bespoke offers based on your previous activity, Gameplay data and Transactional data.

You can opt-out of these tailored in-game offers at any time using your account settings.

This processing is carried out on the basis of legitimate interests to provide you with offers that are relevant and aligned with your interests.

• Analytics – We process personal data for analytical purposes to:
  • analyze our Services and our customer base;
  • understand how our Services are used;
  • determine the effectiveness of our advertising and marketing activities;
  • conduct market research and customer surveys.

To analyze and improve our Services and business operations for this purpose, (i) where possible, we rely on our legitimate business interest to perform analytics and (ii) where required, obtain your consent.

• Compliance with legal obligations – We process personal data to comply with legal obligations that apply to us, such as complying with lawful orders from governmental authorities or courts, subpoenas, obligations under tax, financial reporting, employment, consumer protection, and data protection laws.

This processing is based on our legal obligations.

• Security, maintenance and improvement of our systems and Services – We process personal data to maintain and enhance the availability, security and performance of our IT infrastructure and Services, and to detect, prevent, and investigate (suspicions of) data breaches or attempts to unlawfully access our IT infrastructure and Services.

This processing is mostly based on our legal obligations and our legitimate business interests to keep our Services secure.

• Prevention, detection and investigation of unlawful and unwanted activities – We process personal data to detect, prevent, and investigate (suspicions of) (i) criminal offences, physical or other harm, and other unlawful activities, including cheating, hacking, account stealing, misuse and abuse, (ii) breaches of our Terms of Service and Community Guidelines, and to file reports of such events with relevant law enforcement bodies (including any related cooperation).

This processing is mostly based on our legal obligations, our contractual relationship with you, vital interests, or our legitimate business interests to prevent, detect and investigate unlawful activities.

• Corporate developments – We may process personal data in connection with a sale or transfer of all or part of our business or assets, or any other actual or potential corporate events, such as mergers, acquisitions, joint ventures, reorganizations, financing transactions, a divestiture, dissolution, or liquidation.

This processing is mostly based on our legal obligations or our legitimate business interests to facilitate business continuity, enabling due diligence, and supporting the evaluation, negotiation, and completion of corporate transactions in a secure and compliant manner.

• Disputes and legal rights – We process personal data to protect and enforce our legal rights and contracts (including our Terms of Service and Community Guidelines) in connection with actual or threatening disputes, legal proceedings, claims, investigations and similar events.

This processing is mostly based on our contractual relationship with you, or our legitimate business interests to protect and enforce our legal rights.

• Anonymization, de-identification & aggregation – We anonymize, de-identify and/or aggregate personal data for improving our products and Services based on usage patterns, optimizing marketing and advertising effectiveness, conducting comprehensive market research and demographic analysis, informing strategic business decisions and resource allocation, strengthening fraud detection and risk management systems, benchmarking, supporting research and development initiatives for new offerings, and identifying emerging consumer trends.

This processing is based on our legitimate business interests.

Lastly, we may process your personal data for additional purposes other than described in this privacy policy with your informed consent.

5. Mandatory provision of personal data

You may be required to provide certain personal data to us, for instance by contract or by law. Fields in online forms with an asterisk (*) indicate information that is mandatory to submit the form. If you fail to provide mandatory information, this may affect our ability to provide you with our Services, our contractual relationship with you, or the Services may not operate as intended.

6. Data Retention – How long do we keep personal data?

We retain personal data for as long as necessary for the purposes for which we collected it. It may also be necessary to retain personal data longer for the purposes described in this privacy policy, such as crime prevention, compliance with legal (retention) obligations, disputes and enforcement of our legal rights.

7. Privacy Rights – Which rights do you have in connection with your personal data?

Depending on your region and applicable data protection laws, you may have certain rights regarding the processing of your personal data. These rights commonly include:

• right to access – the right to request access to your personal data, obtain a copy of such personal data and receive specific information about the processing of your personal data;
• right to rectification – the right to have inaccurate or incomplete personal data corrected or supplemented;
• right to erasure (‘right to be forgotten’) – the right to request deletion of your personal data.

In certain regions, you also have the right to object to processing, the right to restrict processing, the right to receive your personal data in a structured, commonly used, and machine-readable format (‘data portability’), and the right not to be subject to automated decision-making.

You can submit a request to exercise your rights through the support channels available in our Services, or by contacting us as specified in Contact Us section below. When you submit a request to exercise your rights, we will assess whether the right is available to you in your region, and whether it is subject to any conditions, restrictions or exceptions under applicable data protection laws. We will also comply with any procedural requirements, including verification of your identity.

In addition to the rights listed above, in most regions you have the right to lodge a complaint regarding the processing of your personal data with the local supervisory authority. You can also file a complaint with us by contacting us as specified in Contact Us section below, in which case we will respond as appropriate.

Appendix B – Region-specific Information outlines specific and/or additional privacy rights for certain regions. To the extent information regarding a specific region contradicts information provided in the general part of this privacy policy, the information regarding the specific region prevails.

8. Data Sharing – Who may receive your personal data?

Your personal data may be shared with or accessible to others outside of Fortis Games:

• publicly – certain personal data may be available publicly, including your public-facing display name, content you share publicly and game statistics, in accordance with your settings in the Services;
• other Players and Users – when you engage with social features within our Services, your personal data may be visible to other Players and Users, such as in multiplayer environments, leaderboards, or user-generated content interactions;
• affiliates and subsidiaries – personal data may be accessible to other entities within our group of companies in connection with shared systems, central administration and operational efficiency;
• third-party service providers - we work with third-party service providers who assist in developing and operating our Services (such as platform services, game developers, game publishers, game console providers), and managing business operations (such as hosting, analytics, payment processing, customer support). We require such service providers to implement appropriate data protection measures in accordance with applicable data protection laws;
• advertising and social media partners – our Services include features from our advertising and social media partners, such as social media interaction tools, functionalities through application programming interfaces (APIs) or software development kits (SDKs) and in-game advertising. These partners may access personal data (such as device and activity data, IP address, mobile identifiers, pages visited, location and usage patterns) through these technical integrations and process it further under their own privacy policies (see Appendix A – Third Party Partners); and/or
• other companies and authorities – we may share personal data with others as required for the purposes described in this privacy policy. Such recipients may for instance include accountants, attorneys, auditors, consultants, financial institutions, insurance companies, telecommunication providers, companies or parties involved in corporate events or disputes and their professional advisers. Where required by law or necessary for legitimate purposes, we may also share personal data with relevant authorities, such as government agencies, law enforcement authorities, and courts.

9. International Transfers – How and where to do we transfer personal data?

We transfer your personal data to, and process your personal data in, countries other than your country of residence, to the extent necessary for the purposes described in this privacy policy. We implement measures to ensure that cross-border data transfers comply with applicable data protection laws. Where a competent authority in your region (such as the European Commission for countries within the European Economic Area) has recognized a country as providing an adequate level of data protection, we rely on such adequacy decision. If not, we implement appropriate safeguards when making international transfers (for example, we use data transfer agreements that incorporate specific contractual clauses that are recognized by the competent authority in your region as valid and effective in providing your personal data with an equivalent level of protection under the laws of your country). Alternatively, we may rely on your consent for cross-border transfers of personal data, including if required by the law in your region. Unless such law requires explicit consent, you acknowledge and consent to our conduct of such cross-border transfers of personal data by agreeing to this privacy policy and through your use of the Services. If you are a resident of the European Economic Area or the United Kingdom and would like to obtain a copy of the safeguards we have put in place, please contact us as specified in Contact Us section below.

10. Data Security – How do we protect personal data?

We implement and maintain appropriate organizational, technical and physical measures designed to safeguard the personal data we obtain against accidental, unlawful or unauthorized access, destruction, loss, alteration, disclosure or use. These measures are designed to ensure the confidentiality, integrity, and availability of your personal data. While we take extensive precautions to secure your personal data, no system or method of data transmission over the internet can be guaranteed to be impenetrable.

11. Children Data – How do we protect children’s privacy?

Our Services are designed for a general audience and are generally not directed to children (under the age of 13, or the applicable minimum age in your region as required by law). In general, we do not knowingly solicit or collect personal data from children without legally required safeguards. To the extent our Services may be appealing to children, we implement additional safeguards to provide children with a restricted, age-appropriate version of the Services with limited features and/or we may obtain parental consent where necessary. We are committed to providing a safe and secure experience for all users. If you believe that a child may have provided us with personal data without legally required parental consent, please contact us as specified in Contact Us section below. A parent or legal guardian may also exercise applicable privacy rights on behalf of their child.

12. Sensitive data

We do not intentionally collect sensitive personal data (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, health information, or biometric data), unless we explicitly request you to provide such personal data for a specific purpose and with appropriate consent. Unless we explicitly request you to do so, please do not provide such personal data when using our Services or communicating with us. If you do, we reserve the right to delete such personal data.

13. Cookies and related technologies

When you visit, use, or otherwise access our Services, we may obtain certain information by automated means, such as cookies, local storage, web beacons, web server logs and other technologies. A “cookie” is a text file that websites send to a visitor’s computer or other internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an internet tag, pixel tag or clear GIF, links web pages to web servers and cookies and may be used to transmit information collected through cookies back to a web server. The cookies and related technologies our Services use can be divided into following categories:

• strictly necessary cookies, which are necessary for the Services to function and cannot be switched off;
• performance cookies, which allow us to measure and improve the performance of the Services;
• functional cookies, which enable enhanced functionality and personalization of the Services;
• targeting cookies, which may be set by our advertising partners;
• social media cookies, which are set by a range of social media services that we have added to the Services to enable you to share our content with your friends and networks.

Where required by applicable law, we will obtain your consent for the use of cookies and related technologies. You can set your preferences and find more detailed information about the specific cookies and related technologies used by our Services by clicking the Cookie Settings link located at the bottom of the page.

14. Links to Third-Party Services and Features

For your convenience and information, our Services may provide links to other online services, and may include third-party features such as apps, tools, widgets and plug-ins. These online services and third-party features may operate independently from us. The privacy practices of the relevant third parties, including details on the information they may collect about you, are subject to the privacy policies of these parties, which we strongly suggest you review (see Appendix A – Third Party Partners). To the extent any linked online services or third-party features are not owned or controlled by us, we are not responsible for these third parties' information practices.

15. Contact Us

We encourage you to use the contact forms on our website and in our Helpshift, since these are the most convenient ways to get in touch with us. You can also contact us using the below contact details:

Fortis Games

Attn.: Legal Department

E-mail: privacy@fortisgames.com

Address: 3883 Howard Hughes Parkway, Suite 550, Las Vegas, Nevada, 89169, USA

Below is an overview of our local representatives.

EU and EEA

Attn.: DataRep

Email: fortis@datarep.com

Address: The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland

Switzerland

Attn.: DataRep

Email: fortis@datarep.com

Address: Leutschenbachstrasse 95, ZURICH, 8050, Switzerland

United Kingdom

Attn.: DataRep

Email: fortis@datarep.com

Address: 107-111 Fleet Street, London, EC4A 2AB, United Kingdom

16. Updates to this Privacy Policy

We may update this privacy policy from time to time to reflect changes in our privacy practices. If the changes made to our privacy policy are material, we will provide additional notice to you, such as through email. At the top of this privacy policy you can see when it was most recently updated. Previous versions are available upon request. We encourage you to periodically review this privacy policy for the latest information on our privacy practices.

17. Translations

This Privacy Policy is originally written in English. Any translations of this Privacy Policy that we may provide are for convenience only and are not legally binding. In the event of any discrepancies or inconsistencies between the English version and any translation, the English version shall prevail and govern.

Appendix A – Third Party Partners

This list provides links to the privacy policies of third-party partners on external sites. By clicking these links, you will be redirected to external sites which are not managed by us.

AppLovin

BugSnag

CleverTap

Facebook

Google

Helpshift

K-ID

OneTrust

Survey Monkey

Singular

Tiktok

Variance

Appendix B – Region-specific Information

The following information applies specifically to the regions as indicated.

California

If you are a resident of California, you may have additional rights. The below disclosures and rights apply only to California residents, and the terms used in this section have the meaning given to them under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (the “CCPA”), unless otherwise stated.

• Policy at Collection. At or before the time of collection of your personal information, you have a right to receive notice of our data practices. Our data practices are as follows:
  • For the categories of personal information we have collected in the past 12 months and the categories of sources from which such personal information is collected, see the Personal Data – Which personal data do we process and how do we obtain these personal data? section above.
  • For the specific business and commercial purposes for collecting and using personal information, see the Processing Purposes – For what purposes do we process personal data? section above.
  • For the categories of third parties to whom information is disclosed, see the Data Sharing – Who may receive your personal data? section above.
  • For the criteria used to determine the period of time information will be retained, see the Data Retention – How long do we keep personal data? above.
• Sales & Sharing. We do not sell your personal information as that term is traditionally understood. However, some of our disclosures of personal information may be considered a “sale” or “share” as those terms are defined under the CCPA. A “sale” is broadly defined under the CCPA to include a disclosure for something of value, and a “share” is broadly defined under the CCPA to include a disclosure for cross-context behavioral advertising. We collect, sell, or share the following categories of personal information for commercial purposes: contact identifiers, characteristics or demographics, commercial or transactions information, user-generated content, device identifiers, device information, internet activity, general location data, and inferences drawn from any of the above. The categories of third parties to whom we sell or share your personal information include, where applicable, vendors and other parties involved in cross-context behavioral advertising. For details on your rights regarding sales and shares, see the Right to Opt-Out of Sales and Sharing section below. We do not knowingly sell or share the personal information of minors under 16 years old who are California residents.
• Sensitive Personal Information. Some of the personal information we collect may be considered sensitive personal information under CCPA, such as account credentials. We collect, use, and disclose such sensitive personal information only for the permissible business purposes for sensitive personal information under the CCPA or without the purpose of inferring characteristics about consumers. We do not “sell” or “share” sensitive personal information.
• Right to Know, Correct, and Delete. You have the following rights under the CCPA:
  • The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purposes for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you.
  • The right to correct inaccurate personal information that we maintain about you.
  • The right to delete personal information we have collected from you.
• To exercise any of these rights, please contact us at the email address below, and specify which right you are seeking to exercise along with your region. Please note these rights are subject to exceptions. If you have an account with us, we may require you to use the account to submit the request. We will confirm receipt of your request within 10 business days and respond to your request within 45 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request.
• Right to Opt-Out of Sales and Sharing. To the extent we “sell” or “share” your personal information as those terms are defined under the CCPA, if applicable you may have the right to opt-out of the sale or sharing of your personal information. To opt-out, turn on a recognized opt-out preference signal, such as Global Privacy Control, in your browser or extension.
• Please note that when you submit an opt-out, we do not know who you are within our systems, and your opt-out will only apply to personal information collected from tracking technologies on the specific browser from which you opt-out. If you delete or reset your cookies, or use a different browser or device, you will need to reconfigure your settings. If you want the opt-out to also apply to other personal information we have about you (such as your contact identifiers, for example email address or player ID), please provide your contact identifiers through the link as requested or make sure you are logged into your account when submitting the opt-out. Opt-outs also apply to any pseudonymous profiles we maintain associated with your browser or device.
• Authorized Agent. If applicable, you can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.
• Right to Non-Discrimination. You have the right not to receive discriminatory treatment by us for the exercise of any of your rights.
• Shine the Light. Under California’s Shine the Light law, customers who are residents of California may request (i) a list of the categories of personal information disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in the Contact Us section below and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.

Colorado, Connecticut and Virginia

These additional rights and disclosures apply only to residents of Colorado, Connecticut, and Virginia. Terms have the meaning ascribed to them in the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), and the Virginia Consumer Data Protection Act (“VCDPA”), as applicable.

In your region, you may have the following rights under applicable law:

• To confirm whether or not we are processing your personal data
• To access your personal data
• To correct inaccuracies in your personal data
• To delete your personal data
• To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format

You may also have the right to opt out of the processing of personal data for purposes of targeted advertising or the sale of personal data, if applicable. To opt-out, turn on a recognized opt-out preference signal, such as Global Privacy Control, in your browser or extension. Please note that when you submit an opt-out, we do not know who you are within our systems, and your opt-out will only apply to personal data collected from tracking technologies on the specific browser from which you opt-out. If you delete or reset your cookies, or use a different browser or device, you will need to reconfigure your settings. If you want the opt-out to also apply to personal data we have about you in our systems, such as your email address, please provide your contact identifiers through the above link as requested or make sure you are logged into your account when submitting the opt-out. Opt-outs also apply to any pseudonymous profiles we maintain associated with your browser or device.

If applicable, you can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.

If we refuse to take action on a request, you may appeal our decision within a reasonable period of time by contacting us at the email address below, and specifying that you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows:

• For Colorado residents, to the Colorado AG go here.
• For Connecticut residents, to the Connecticut AG go here.
• For Virginia residents, to the AG go here.

Nevada

If you are a Nevada consumer, if applicable you may have the right to direct us not to sell certain information that we have collected or will collect about you. To exercise this right, please contact us at the email address below, and specify you wish to exercise this right.