Effective as of July 1, 2022.
If you are a California resident, see the California Privacy Rights Notice below.
If you are located in the European Economic Area or the United Kingdom, see the Supplemental Notice to Individuals in the European Economic Area and United Kingdom below.
Table of Contents
1. PERSONAL INFORMATION WE COLLECT
2. HOW WE USE YOUR PERSONAL INFORMATION
3. HOW WE SHARE YOUR PERSONAL INFORMATION
7. INTERNATIONAL DATA TRANSFER
11. CALIFORNIA PRIVACY RIGHTS NOTICE
12. SUPPLEMENTAL NOTICE TO INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA and uk
1. PERSONAL INFORMATION WE COLLECT
Information you provide to us. Personal information you may provide to us through the Service or otherwise includes:
- Contact data, such as your first and last name, email address and phone number.
- Profile data, such as your username, in-game name, and password that you may set to establish an online account with us, third party account identifiers, game ownership information, information about your participation in our events, promotions, sweepstakes, contests, or surveys, and any other information that you add to or is associated with your account profile.
- Communications that we exchange, including when you contact us with questions or feedback, through social media, or otherwise, or that you exchange on or through the Service, such as with other players.
- Research data that you provide when you agree to participate in our surveys, promotions, or contests, such as your survey responses.
- Payment and transactional data to complete your purchases or payments on or through the Service (including payment card, bank account, and billing information), and your purchase history.
- User generated content, such as posts, fan art, videos, messages, and other content that you can choose to upload to our forums or otherwise make available on the Service, as well as associated metadata.
- Marketing data, such as your preferences for receiving communications about our marketing communications and details about your engagement with them.
- Job application data, such as professional credentials and skills, educational and work history, LinkedIn profile page, personal website, authorization to work in the U.S., immigration status, criminal history, and other information that may be included on a resume or curriculum vitae as well as in a cover letter. This may also include diversity information that you voluntarily provide.
Third party sources. We may combine personal information we receive from you with personal information we obtain from other sources, such as:
- Public sources, such as social media platforms and other publicly available sources.
- Affiliate partners, such as content creators, influencers, and promoters who participate in our paid affiliate programs.
- Marketing partners, such as joint marketing partners with whom we have entered into joint marketing relationships.
Automatic data collection. We, our service providers, and our business partners may automatically collect information about you, your computer or mobile device, your interactions over time with the Service, our communications and other online services, such as:
- Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
- Online activity data, such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Service, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.
- In-game data, such as information regarding your in-game performance and interactions with other players (e.g., win/loss ratio, characters played, statistics).
2. HOW WE USE YOUR PERSONAL INFORMATION
We may use your personal information for the following purposes or as otherwise described at the time we collect it:
Service delivery. We may use your personal information to:
- provide, operate and improve the Service and our business;
- process payments and complete transactions with you;
- communicate with you about the Service, including by sending announcements, updates, security alerts, and support and administrative messages;
- understand your needs and interests, and personalize your experience with the Service and our communications; and
- provide support for the Service, and respond to your requests, questions and feedback.
Research and development. We may use your personal information for research and development purposes, including to analyze and improve the Service and our business. As part of these activities, we may create aggregated, de-identified or other anonymous data from personal information we collect. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.
Marketing and advertising. We and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes:
- Direct marketing. We may send you Super Evil-related direct marketing communications as permitted by law. You may opt-out of our marketing communications as described in the Opt-out of marketing section below.
To manage our recruiting and process job applications. We may use personal information, such as data submitted to us in a job application, to facilitate our recruitment activities and process job applications, such as by evaluating a candidate for a job, and monitoring recruitment statistics.
Compliance and protection. We may use your personal information to:
- comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities;
- protect our, your or others’ rights, privacy, safety or property (including by making and defending legal claims);
- audit our internal processes for compliance with legal and contractual requirements or our internal policies;
- enforce the terms and conditions that govern the Service; and
- prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
With your consent. In some cases, we may specifically ask for your consent to collect, use or share your personal information.
3. HOW WE SHARE YOUR PERSONAL INFORMATION
Service providers. Companies and individuals that provide services on our behalf or help us operate the Service or our business (such as information technology, hosting, customer relationship management and support, fraud detection, communications delivery, marketing, advertising, and website analytics).
Advertising partners. Third party advertising companies that collect information about your activity on the Service and other online services to help us advertise our services, and/or use customer lists that we share with them to deliver ads on their platforms on our behalf to those customers and similar users.
Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
Business transferees. Acquiring and other relevant parties to business transactions ( or negotiations of or due diligence for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Super Evil or our affiliates (including, in connection with a bankruptcy or similar proceedings).
Other users and the public. Certain in-game information, such as your in-game name and statistics, are visible to other users of the Service and the public. Where your personal information can be seen, collected, and used by others, including being cached, copied, screen captured or stored elsewhere by others (e.g., search engines), we are not responsible for any such use of data.
4. YOUR CHOICES
You have the following choices with respect to your personal information.
Access or update your information. If you have registered for an account with us, you may review and update certain account information from your account.
Opt-out of marketing communications. You may opt-out of marketing-related emails by following the opt-out or unsubscribe instructions at the bottom of the email, or by contacting us. Please note that if you choose to opt-out of marketing-related emails, you may continue to receive service-related and other non-marketing emails. If you receive marketing text messages from us, you may opt out of receiving further marketing text messages from us by replying STOP to our marketing message.
Cookies. For information about cookies employed by the Service and how to control them, see our Cookie Notice.
Advertising choices. You can limit use of your information for interest-based advertising by de-selecting the option beginning with “Allow us and our partners to collect user data to make the ads you see more relevant” in the in-game options menu, disabling permission to track your device in your iOS privacy settings if you have an Apple device, or deleting your advertising ID in your privacy settings if you have an Android device.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Declining to provide information. We need to collect personal information to provide certain services. If you do not provide the information we identify as required or mandatory, we may not be able to provide those services.
Access, amend, deletion, and opt-out. You may contact us to request access to, update or correct inaccuracies in, delete, or opt-out of certain uses of, your personal information. We will respond as required by law.
5. OTHER SITES AND SERVICES
The Service may contain links to websites, mobile applications, embedded content, and other online services hosted on or operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or other online services that are not associated with us. We do not control websites, mobile applications or online services operated by third parties, and we are not responsible for their actions.
We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies and we cannot guarantee the security of your personal information.
7. INTERNATIONAL DATA TRANSFER
We are headquartered in the United States and may use service providers that operate in other countries. Your personal information may be transferred to the United States or other locations where privacy laws may not be as protective as those in your state, province, or country.
Users in the UK and the EEA should read the important information provided in the EEA/UK supplemental notice below about transfer of personal information outside of the EEA and UK, as applicable.
We do not intentionally collect the personal information of children under 16 years of age. If we learn that we have collected personal information through the Service from a child under 16 without the consent of the child’s parent or guardian as required by law, we will delete it.
10. HOW TO CONTACT US
Mail: 119 S B Street, Ste A, San Mateo, CA, 94401, United States
11. CALIFORNIA PRIVACY RIGHTS NOTICE
Scope. This section applies only to California residents. It describes how we collect, use, and share the Personal Information of California residents in our capacity as a “business” under the California Consumer Privacy Act (“CCPA”) and their rights with respect to their Personal Information. For purposes of this section, “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA.
In some cases we may provide a different privacy notice to certain categories of California residents, such as job applicants, in which case that notice will apply instead of this section.
Your California privacy rights. As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.
- Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
- The categories of Personal Information we have collected.
- The categories of sources from which we collected the Personal Information.
- The categories of third parties with whom we share the Personal Information.
- The categories of Personal Information that we sold or disclosed for a business purpose.
- The categories of third parties to whom the Personal Information was sold or disclosed for a business purpose.
- The business or commercial purpose for collecting and/or selling Personal Information.
- Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
- Deletion. You can ask us to delete the Personal Information that we have collected from you.
- Opt-out of sales. You can opt-out of any sale of your Personal Information.
- Nondiscrimination. You are entitled to exercise the rights described above free from discrimination as prohibited by the CCPA.
How to exercise your rights
You may submit requests to exercise your California privacy rights described above as follows:
- Right to information, access and deletion. You may submit requests to exercise your right to information, access or deletion by:
- Notice of right to opt-out of the “sale” of your Personal Information. Like many companies, we use services that help deliver interest-based ads to users of our mobile games as described in the Interest-based advertising section above. While we do not “sell” Personal Information in the conventional sense, our use of these services may constitute a statutory “sale” of Personal Information to the providers of those services for purposes of the CCPA. You can request to opt-out out of this “sale” of your Personal Information by de-selecting the option beginning with “Allow us and our partners to collect user data to make the ads you see more relevant” in the in-game options menu, disabling permission to track your device in your iOS privacy settings if you have an Apple device, or deleting your advertising ID in your privacy settings if you have an Android device. .
We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. We will need to verify your identity to process your information, access and deletion requests and reserve the right to confirm your California residency. To verify your identity, we may require you to log into your Super Evil account (if applicable), provide government identification, give a declaration as to your identity under penalty of perjury and/or provide additional information. Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with written confirmation that you have given the authorized agent permission to submit the request. Authorized agents are required by California law to implement and maintain reasonable security procedures and practices to protect their clients’ information.
Personal information that we collect, use and disclose
|Statutory category of personal information (PI)
(Cal. Civ. Code § 1798.140)
|PI we collect in this category (See Personal information we collect above for description)||Source of PI||Business/
commercial purpose for collection
|Categories of third parties to whom we “disclose” PI for a business purpose||Categories of third parties to whom we “sell” PI|
|California Customer Records (as defined in California Civil Code section 1798.80)||
|Internet or Network Information||
|Inferences||May be derived from your:
|Professional or Employment Information||
12. SUPPLEMENTAL NOTICE TO INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA AND UNITED KINGDOM
If you are located in the European Economic Area (“EEA”) or the United Kingdom (“UK”), and access the Service, this notice applies to you..
Controller. Super Evil Mega Corp. Inc. is the controller of your personal information.
EU representative and UK representative. Our EU and UK representative is:
Data Protection Representative Limited (also known as DataRep)
If you want to raise a question to Super Evil Mega Corp., or otherwise exercise your rights in respect of your personal data, you may do so by:
- sending an email to DataRep at firstname.lastname@example.org,
- contacting us on our online webform at www.datarep.com/superevilmegacorp, or
- mailing your inquiry to DataRep at the most convenient of the addresses in the subsequent pages.
PLEASE NOTE: when mailing inquiries, it is ESSENTIAL that you mark your letters for ‘DataRep’ and not ‘Super Evil Mega Corp.’, or your inquiry may not reach us. Please refer clearly to Super Evil Mega Corp. in your correspondence. On receiving your correspondence, Super Evil Mega Corp. is likely to request evidence of your identity, to ensure your personal data and information connected with it is not provided to anyone other than you.
|Austria||DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria|
|Belgium||DataRep, Place de L’Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium|
|Bulgaria||DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria|
|Croatia||DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia|
|Cyprus||DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus|
|Czech Republic||DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic|
|Denmark||DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark|
|Estonia||DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia|
|Finland||DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland|
|France||DataRep, 72 rue de Lessard, Rouen, 76100, France|
|Germany||DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany|
|Greece||DataRep, 24 Lagoumitzi str, Athens, 17671, Greece|
|Hungary||DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary|
|Iceland||DataRep, Kalkofnsvegur 2, 101 Reykjavík, Iceland|
|Ireland||DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland|
|Italy||DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy|
|Latvia||DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia|
|Liechtenstein||DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria|
|Lithuania||DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania|
|Luxembourg||DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg|
|Malta||DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta|
|Netherlands||DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands|
|Norway||DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway|
|Poland||DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland|
|Portugal||DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal|
|Romania||DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857, Romania|
|Slovakia||DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia|
|Slovenia||DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia|
|Spain||DataRep, Calle de Manzanares 4, Madrid, 28005, Spain|
|Sweden||DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE – 211 46, Sweden|
|United Kingdom||DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom|
|Processing purpose (click link for details)||Legal basis|
|Service delivery: We need to process your personal information operate the Service, including managing your account or transactions, responding to your requests or inquiries, providing you with access to content or information you requested, etc.||Processing is necessary to perform the contract governing our provision of the Service or to take steps that you request prior to signing up for the Service.
Where we cannot process your personal information as required to operate the Service on the grounds of contractual necessity, we process your personal information for this purpose based on our legitimate interest in providing you with the Service you access and request.
|Marketing and advertising: We and our third-party advertising partners may collect and use your personal information for marketing and advertising purposes.||Processing is based on your consent where that consent is required by applicable law. Where such consent is not required by applicable law, we process your personal information for these purposes based on our legitimate interests in promoting our business.|
|Research and development: We may use your personal information for research and development purposes, including to analyze and improve the Service and our business.||These activities constitute our legitimate interests.|
|We may need to process your personal information for additional purposes, such as:
||We rely on our legitimate interests to process your personal information when performing these processing activities. We do not use your personal information for these purposes where our interests are overridden by the impact on you.|
|Compliance with legal obligations: We are subject to certain legal obligations that may oblige us to disclose your personal information to courts, law enforcement or regulatory authorities.||Processing is necessary to comply with our legal obligations.|
|Actions we take with your consent:
||In these scenarios, the processing of the personal information you voluntarily provide to us is based on your consent. Where we rely on your consent, you have the right to withdraw it any time in the manner indicated when you consent to the processing.|
Special categories of data / Sensitive personal information
We ask that you not provide us with any sensitive personal information (e.g., social security numbers, information related to racial or ethnic origin, political opinions, religion or other beliefs, biometrics or genetic characteristics, criminal background or trade union membership) through the Service or otherwise. If you do not consent to our processing and use of such sensitive personal information, you must not provide it to us.
We apply a general rule of keeping personal information only for so long as is required to fulfill the purpose for which it was collected. However, in some circumstances, we will retain your personal information for longer periods of time. We will retain personal information for the following purposes: (i) as long as it is necessary and relevant for our operations and to provide the Service, e.g. so that we have an accurate record of your dealings with us in the event of any complaints or challenge; and (ii) in relation to personal information from closed accounts to comply with applicable laws, prevent fraud, collect any fees owed, resolve disputes, troubleshoot problems, assist with any investigation, enforce the Service terms and take other actions as permitted by law. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
European data protection laws give you certain rights regarding your personal information. If you are located within the UK or EEA, you may ask us to take the following actions in relation to your personal information that we hold:
- Information. You can obtain information about how and on what basis your personal information is processed and a copy of these information.
- Access. Provide you with information about our processing of your personal information and give you access to your personal information.
- Correct. Update or correct inaccuracies in your personal information.
- Delete. Delete your personal information in limited circumstances where (i) you believe that it is no longer necessary for us to hold your personal information; (ii) we are processing your personal information on the basis of legitimate interests and you object to such processing, and we cannot demonstrate an overriding legitimate ground for the processing; (ii) where you have provided your personal information to us with your consent and you wish to withdraw your consent and there is no other ground under which we can process your personal information; and (iv) where you believe the personal information we hold about you is being unlawfully processed by us.
- Portability. Provide a structured, machine-readable copy of your personal information to you or a third party of your choice.
- Restrict. Restrict the processing of your personal information where: (i) the accuracy of the personal information is contested; (ii) the processing is unlawful but you object to the erasure of the personal information; (iii) we no longer require the personal information for the purposes for which it was collected, but it is required for the establishment, exercise or defence of a legal claim; or (iv) you have objected to us processing your personal information based on our legitimate interests and we are considering your objection.
- Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
- Withdraw consent. You have the right to withdraw your consent at any time where we rely on your consent to process your personal information.
- Cross-Border Data Transfer. You can obtain a copy of or access safeguards under which your personal information is transferred outside of the EEA.
- Direct marketing. If your personal information is processed for direct marketing purposes, you have the right to object at any time to the processing of personal information concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. In this case your personal information will no longer be processed for such purposes by us.
You may submit these requests by email to email@example.com or our postal address provided above in the How to contact us section. We may request specific information from you to help us confirm your identity and process your request. We reserve the right to charge a fee where permitted by law. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Please note that the right of access and the right to delete do not constitute absolute rights and the interests of other individuals may restrict your right of access or deletion in accordance with local laws.
Cross-Border Data Transfer
We may transfer your personal information outside of the EEA and/or UK. Some of these recipients may be located in countries in respect of which either the European Commission and/or UK Government (as and where applicable) has issued adequacy decisions, in which case, the recipient’s country is recognized as providing an adequate level of data protection under UK and/or European data protection laws (as applicable) and the transfer is therefore permitted under Article 45 of the GDPR.
Some recipients of your personal data may be located in countries outside the EEA and/or the UK for which the European Commission or UK Government (as and where applicable) has not issued adequacy decisions in respect of the level of data protection in such countries (“Restricted Countries“). For example, the United States is a Restricted Country. Where we transfer your personal information to a recipient in a Restricted Country, we will either:
- enter into appropriate data transfer agreements based on so-called Standard Contractual Clauses approved from time-to-time under GDPR Art. 46 by the European Commission, the UK Information Commissioner’s Office or UK Government (as and where applicable); or
- rely on other appropriate means permitted by the EEA/UK GDPR, which establish that such recipients will provide an adequate level of data protection and that appropriate technical and organizational security measures are in place to protect personal information against accidental or unlawful destruction, loss or alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.
You may ask for a copy of such appropriate data transfer agreements, where applicable, by contacting us using the contact details above.
Super Evil complies with the requirements of the EU-U.S. Privacy Shield Framework, as set forth by the U.S. Department of Commerce, regarding the collection, use and retention of personal information from the European Union (“EU”) and United Kingdom to the United States (collectively “Privacy Shield”). However, Super Evil does not rely on the Privacy Shield as a legal basis for transfers of personal data in light of the judgment of the Court of Justice of the EU in Case C-311/18.