HOW & WHEN WE COLLECT YOUR PERSONAL DATA
TYPES OF PERSONAL DATA WE COLLECT
WHY & HOW WE USE YOUR PERSONAL DATA
WHAT THE DIFFERENT LAWFUL BASES MEAN
KEEPING YOUR PERSONAL DATA SECURE
WHO WE SHARE PERSONAL DATA WITH
WHERE YOUR PERSONAL DATA IS PROCESSED
HOW LONG WE HOLD YOUR DATA FOR
YOUR RIGHTS OVER YOUR PERSONAL DATA
CHANGES AND UPDATES TO THIS PRIVACY NOTICE
Hi. We’re Square Enix Limited. You probably know us from all the SQUARE ENIX®, EIDOS®, Crystal Dynamics® and TAITO® branded entertainment content we develop, publish, distribute and license, including: FINAL FANTASY®, DRAGON QUEST®, TOMB RAIDER® and SPACE INVADERS®.
This Privacy Notice applies to you if you are a customer or subscriber of Square Enix Limited or if you are just visiting one of our websitew where this Privacy Notice is posted. So please take the time to read this Privacy Notice, as it explains how we protect your information and respect your privacy.
From the moment you begin interacting with Square Enix Limited, we are collecting information. Sometimes the personal data we collect is provided by you and sometimes it is collected automatically.
You give us data when you: register a Square Enix Members account or Square Enix Account, use our paid-for services, apply for a job with us, opt-in to our marketing messages, call us, email us, live chat with us online, chat to us in-game, make a purchase from us, enter one of our competitions and/or answer one of our surveys.
We collect your data automatically when you: browse any of our website pages, receive an email from us, log into your Square Enix Members or Square Enix Account, play one of our games, live chat with us online, chat to us in-game and/or make a purchase from us.
Your name, address, telephone number and email address.
Your bank account number and credit/debit card details.
Your birth date, IP address, login information, browser type and version, time zone setting, browser plug-in types, geolocation information about where you might be, operating system and version, Google AdID and Apple IDFA.
Your URL clickstreams (the path you take through our site), products/services you view or purchase, page response times, download errors, how long you stay on our pages, what you do on those pages and other actions.
The gaming platform you are using, mobile and hardware identifiers, device event information, crash reports, language options you choose, subtitles selected, version of the game being played, game feature usage, player performance and progression, in-game purchases, downloadable content purchases, micro transactions, timezone, timestamp, session duration, challenges or gifts sent to other players and number of friends on the platform
Online ID, email address, geolocation, language and date of birth
Nickname, friends list, email address, geolocation, language and date of birth
Gamertag, email address, geolocation, language and date of birth
SteamID, email address, geolocation, language and date of birth
Username, device ID and purchase history
Name, email address and friends playing the same game
Name, email address, employment history, references, education history, results of pre-employment screening, relevant experience, achievements, skills and qualifications and the outcome of any interviews or tests that are part of the recruitment process
What about really sensitive data?
We do not collect any "sensitive data" about you (data that is intended to identify your racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation and criminal offences or alleged offences). So, please do not send us your sensitive data, or post it anywhere on our services.
What about children’s data?
We do not target our games to children under 13 and we do not knowingly collect any personal data from any person under 13 years of age without verifiable parental consent.
If you think we have unintentionally collected personal data from someone under the age of 13, please let us know.
We will only use your personal data for certain specified reasons and only where we have a lawful basis to do so. Below are the reasons we use your personal information and the lawful bases for doing so:
Keeping our websites and gaming services running
Providing you our games and services online, login authentication, age verification, remembering your settings, processing payments, hosting and back-end infrastructure.
Our lawful bases for this use of your data are: contract and legitimate interests
Troubleshooting and solving technical issues over live chat, phone, email and in-game chat and making necessary changes to our products and services, monitoring your participation in our forums and all parts of our services that allow you to publicly post information or interact with other users.
Our lawful basis for this use of your data is: contract
Traffic optimisation, in-game data analytics and research, including profiling and the use of machine learning (we sometimes use carefully selected third parties to do this on our behalf), managing landing pages and heat mapping our sites.
Our lawful bases for this use of your data are: contract and legitimate interests
Evaluate your suitability for a role that you have applied for, verify your academic qualifications and work experience, review and audit our recruitment process and its outcomes and identify any future employment opportunities that you may be suitable for.
Our lawful basis for this use of your data is: legitimate interests
Process your entry into contests, surveys or other promotional events that we run from time to time, should you decide to participate in them.
Our lawful basis for this use of your data is: consent.
Sending you communications about our services, products and features that you have agreed to receive.
Our lawful bases for this use of your data is: consent
This section explains what the lawful bases we rely on for processing your personal data actually mean.
Consent
You have provided us clear and unambiguous consent for us to process your personal information for a specific purpose. You have the right to withdraw this consent at any time.
Contract
We need to process your personal information for us to fulfil our contractual relationship with you.
Legitimate interests
We need to process your personal information for our legitimate interests or the legitimate interests of a third party. Our legitimate interests are:
We will treat your data with the utmost care and take all reasonable steps to protect it. With that in mind, we have a range of robust policies, processes and technical measures in place, and maintain physical, technical and administrative safeguards, to protect your personal information.
We secure access to all transactional areas of our websites and apps: access to your personal data is password-protected, transactional information is secured and tokenised to ensure it is protected and our systems are regularly monitored for possible vulnerabilities and attacks.
However, remember that, unfortunately, no data transmission is guaranteed to be 100% secure and you are always responsible for keeping your username and password secret and safe!
If you believe your personal data has been breached, please contact us immediately at DPO@eu.square-enix.com.
Third parties process information about your purchases and use of our games on our behalf. We provide these trusted third parties only the information they need to perform their specific services for the exact purposes we specify in our contract with them. If we stop using their services, any of your data held by them will either be securely and permanently deleted or rendered irreversibly anonymous. In all cases, we apply measures to keep your data safe and your privacy protected.
We share your personal data with third-party IT companies who support our website and other business systems and direct marketing companies who help us manage our electronic communications with you.
We also share personal data with Google, Facebook and other third-party ad partners so they can show you products that might interest you while you are browsing the internet. For example, if you provide us with your email address we may share it with Facebook so that you can receive targeted ads from us when you use Facebook, and so that other users of Facebook who share similar interests to you can also receive targeted ads from us. This is based on either your consent to marketing or your acceptance of cookies on our websites. Have a look at our Cookies Policy for more info on Cookies and how you can control them.
Under very specific circumstances, we will share your personal data with third parties (including law enforcement bodies) in order to respond to fraudulent or criminal (or potentially fraudulent or criminal) activity on our systems or at our events. We may also be required by law to disclose your personal data to the police or to another law enforcement, regulatory or government body, in your country of origin or elsewhere, upon receiving a legally valid request to do so. We assess these requests on a case-by-case basis, and we take the privacy of our customers into consideration when responding.
We are a global organisation, so we sometimes need to share your personal data with our other offices, or with other third parties and suppliers, who are located outside the European Economic Area (“EEA”).
When it is necessary for us to transfer your personal data out of the EEA, we will only do so where the transfer is authorised under applicable EU law, including where the transfer is made to a country the European Commission has deemed to have adequate data protection laws, is governed by the Standard Contractual Clauses for data transfers between EU and non-EU countries or is authorised by another recognized transfer mechanism under applicable law. For transfers to the U.S. we do so under the E.U.-U.S. and Swiss-U.S. Privacy Shield Framework, which we participate in. This is to ensure that suitable safeguards to protect the privacy and security of your personal data is applied and is consistent with your relationship with us and the practices described in this Privacy Notice. To learn more about the Privacy Shield Framework, and to view our certification, please visit http://www.privacyshield.gov. A list of companies certified under the Privacy Shield Framework is available at: https://www.privacyshield.gov/list.
We will only retain your personal data for as long as you are a customer and/or are using our services and for no longer than is necessary after that. We will securely destroy or irreversibly anonymise the information once it is no longer necessary to retain it. For more information on where and how long your personal data is stored please contact us DPO@eu.square-enix.com.
You have the right to request information about: the purpose of the processing; the categories of personal data concerned; any third parties outside our company who might have received your personal data from us; where we got your personal data (if you didn’t provide it directly to us); and how long your personal data will be stored.
You also have the right to correct (rectify) the record of your personal data maintained by us if it is inaccurate, request that we erase that data or cease processing it (subject to certain exceptions) and request that we cease using your data for direct marketing purposes.
When technically feasible we will—at your request and subject to certain exceptions —transmit your personal data directly to another organisation.
You may also lodge a complaint regarding our use of your personal data. We ask that you please tell us first so we can have a chance to look into your concerns. If you remain unsatisfied, you can contact the Information Commissioners Office on their website at www.ico.org.uk.
For more information or to make a data subject access rights request, please contact us at DSAR@eu.square-enix.com or write to us at:
FAO: Data Protection Officer
Square Enix Ltd
240 Black Friars Road
London, UK
SE1 8NW
Square Enix Limited is headquartered in London, in the United Kingdom. We have appointed a data protection officer for you to contact if you have any questions or concerns about your personal data. Our data protection officer can be contacted at:
DPO@eu.square-enix.com, or by writing to
FAO: Data Protection Officer
Square Enix Ltd
240 Black Friars Road
London, UK
SE1 8NW
As our services and products change from time to time, you should expect this Privacy Notice to change as well. We reserve the right to amend this Privacy Notice at any time, for any reason. We will make all reasonable endeavours to notify you of any changes. We may also email periodic reminders of this Privacy Notice, and will email customers who have a registered Square Enix Account or Square Enix Members account of any material changes to this Privacy Notice. Nevertheless, you should check here regularly to see the current Privacy Notice that is in effect and any changes that may have been made to it.
You made it to the end! We do hope you have enjoyed reading this Privacy Notice and we commend you on your dedication to understanding how we handle your personal data and your rights to control it. If this Privacy Notice hasn’t answered all your questions, or if you have any comments or ideas about how we can make this Privacy Notice even better, please don’t hesitate to contact our DPO at:
DPO@eu.square-enix.com or in writing to
FAO: Data Protection Officer
Square Enix Ltd
240 Black Friars Road
London, UK
SE1 8NW