esrb

SQUARE ENIX, INC.
PRIVACY NOTICE

Revised: May 30, 2018

Introduction

Hi. We’re Square Enix, Inc. You probably know us from all the SQUARE ENIX®, EIDOS®, Crystal Dynamics®, and TAITO® branded entertainment content we develop, publish, distribute and license, including: FINAL FANTASY®, DRAGON QUEST®, TOMB RAIDER®, and SPACE INVADERS®.

This Privacy Notice describes how Square Enix, Inc. and our affiliates (collectively “Square Enix,” “Company,” or “we,” “our,” or “us”) collect, use, and share information about you when you use our various products and services (collectively, the “Services”). This Privacy Notice applies if you are a customer or subscriber of Square Enix, Inc. or if you are visiting a website where this Privacy Notice is posted. This Privacy Notice does not apply to information collected by third parties that may interact with our Services (e.g., a social media plug-in such as a Facebook like button), or to our data collection activities outside of our Services (e.g., through websites that support specific products, which may have different privacy policies). It also does not apply to information collected through the Services from data subjects located in the European Union. If you are a data subject located in the European Union, please see our Square Enix Limited Privacy Notice.

In addition, please review the Square Enix, Inc. Terms of Service (“SEA Terms of Service”), which governs your use of the Services. By using our Services, you consent to this Privacy Notice and SEA Terms of Service and our collection, storage, sharing and use of your information and data, and other activities, as described. If you do not agree to this Privacy Notice, do not access the Services, and in the case of mobile applications, uninstall the mobile applications immediately.

This Privacy Notice and the ESRB certification seals shown on our Services confirm that Square Enix is a valid licensee, and participating member, of the Entertainment Software Rating Board's Privacy Certified Program (“ESRB Privacy Certified”). To protect your privacy, we have voluntarily undertaken this privacy initiative, and all of our Services where this Privacy Notice is posted have been reviewed and certified by ESRB Privacy Certified to meet established online information collection, use, and disclosure practices. As a licensee of this privacy program, we are subject to audits of our Services and other enforcement and accountability mechanisms administered independently by ESRB Privacy Certified.

Square Enix participates in the E.U.-U.S. and Swiss-U.S. Privacy Shield Framework. To learn more, click here.

Table of Contents

  1. The Types of Information We Collect from You and How We Collect It
  2. How We Use the Information We Collect From You
  3. Third Parties with Whom We Share Your Information
  4. Third-Party Ads and Analytics
  5. Your Choices
  6. Your Rights over Your Information
  7. International Transfers of Information
  8. Children's Data
  9. Keeping Your Information Secure
  10. Questions or Complaints
  11. Changes to this Privacy Notice
  1. The Types of Information We Collect from You and How We Collect It

    From the moment you begin interacting with the Services we are collecting information. This information includes information that identifies or can be used to identify you personally.

    Sometimes you choose to provide this information to us and other times we collect it from you automatically. For example, you choose to provide us certain information when you register a Square Enix Membership account or Square Enix Account, use our paid-for services, apply for a job with us, agree to receive marketing messages from us, call us, email us, live chat with us online, chat to us in-game, make a purchase from us, enter one of our competitions, respond to one of our surveys, or post in our forums. And we collect your data automatically when you browse our websites, login to your Square Enix Members or Square Enix Account, play one of our games, live chat with us online, chat in-game, or make a purchase from us.

    Here are some examples of the types of information we collect from you when you use the Services.

    • personal details – e.g., your name, address, telephone number, email address, and birthday.
    • transactional information – e.g., your bank account number and credit/debit card information.
    • credentialse.g., your password and password hints.
    • information relating to the browser or device you use to access the Services e.g., IP address, login information, browser type and version, time zone setting, browser plug-in type, operating system and version, and Google AdID, Apple IDFA, or other device identifier.
    • information on how you use our websites – e.g., your URL clickstreams (the path you take through our site), products you view or purchase, webpage response times, download errors, how long you stay on webpages, and what you do on those webpages.
    • information about the location of your devicee.g., precise location data with your opt-in consent (such as latitude/longitude) and imprecise location data (such as data derived from an IP address or that indicates a city or postal code level).
    • information on how you use our games – e.g., the gaming platform you are using, mobile and hardware identifiers, device event information, crash reports, language options you choose, subtitles selected, version of the game being played, game feature usage, player performance and progression, in-game purchases, downloadable content purchases, micro transactions, timezone, timestamp, session duration, challenges or gifts sent to other players, and number of friends on the platform.
    • information we receive when you interact with third-party platforms – e.g., PlayStation® (online ID, email address, geolocation, language, and date of birth), Nintendo (nickname, friends list, email address, geolocation, language, and date of birth), Xbox Live (gamertag, email address, geolocation, language, and date of birth), mobile platforms (username, device ID, and purchase history), and Facebook (name, email address, and friends playing the same game).

    Information You Disclose Publicly: The Services may permit you to submit content on various public channels like blogs, message boards, and through gameplay. We or others may store, display, publish, or otherwise use this content in perpetuity, and may or may not attribute it to you. Please note that we do not control who will have access to information you choose to make public, and cannot ensure that parties who have access to such publicly available information will respect your privacy or keep it secure. Please think carefully before sharing any information on the Services.

    Information Third Parties Provide about You: We may, from time to time, supplement the information we collect directly from you on our Services with outside records from third parties for various purposes, including to enhance our ability to serve you, to tailor content and ads to you, and to offer you opportunities that may be of interest to you.

    Third-Party Logins: The Services may include the option to register or log in to an account using Facebook, Google, or another third-party service. By doing so, you provide us with access to certain information from your social media profile, such as your name, email address, photo, gender, birthday, location, friends, people you follow/who follow you, content you post, or likes you make. We use this information to do things like give you exclusive content, personalize your experience on the Services, or advertise to you online, and you consent to the use of this information in accordance with this Privacy Notice. Please be aware that these third parties are not subject to this Privacy Notice, and we are not responsible for their practices. You should review the applicable third parties’ privacy policies before using their tools to interact with the Services.

    Tracking Technologies: We use various technologies to collect information from you, including as follows:

    • Log Files. A log file is a file that records events that occur in connection with your use of the Services.
    • Cookies: A cookie is a data file placed on your device when you visit the Services. Cookies may be used for many purposes, such as remembering you and your preferences, supporting our security features, and tracking your visits to and activities on and off the Services, including for purposes of bringing you relevant advertising. Some features of the Services may not function properly if you choose to disable cookies, and some types of cookies may not be disabled using browsers. In some instances, especially with respect to mobile, we may require you to uninstall/not use the Services rather than have a poor experience from disabling cookies. Please review our Square Enix, Inc. Cookie Policy for more information.
    • Embedded Scripts: An embedded script is programming code that is designed to collect information about your interactions with the Services, such as the links you click on. The code temporarily downloaded onto your device from our web server or a third-party service provider is active only while you are connected to the Services, and is deactivated or deleted thereafter.
    • Pixels: A pixel (also known as a web beacon) is code embedded in a website, video, email, or advertisement that sends information about your use to a server. When you access a website, video, email, or advertisement that contains a pixel, the pixel may permit us or a third party to drop or read cookies on your browser. Pixels are used in combination with cookies to track activity by a particular browser on a particular device. We may incorporate pixels from third parties that allow us track our conversions, bring you advertising both on and off the Services, and provide you with additional functionality, such as the ability to connect our Services with your social media account.
    • ETag, or entity tag: A feature of the cache in browsers, an ETag is an opaque identifier assigned by a web server to a specific version of a resource found at a URL. If the resource content at that URL ever changes, a new and different ETag is assigned. ETag tracking may generate unique tracking values even where the consumer blocks HTTP, Flash, and HTML5 cookies.
    • Location-Identifying Technologies: GPS, WiFi, Bluetooth, and other location-aware technologies may be used to collect precise location data when you enable location-based services through your device.
    • App Technologies: There are a variety of technologies that may be included in our apps that are not browser-based like cookies and cannot be controlled by browser settings. For example, our apps may include third party SDKs, which is code that sends information about your use to a server. These SDKs allow us track our conversions, bring you advertising both on and off the Services, and provide you with additional functionality, such as the ability to connect our Services with your social media account.

    As noted above, third parties may also use Tracking Technologies with our Services. We do not control those third-party Tracking Technologies and you should visit those third parties’ websites for information about their privacy practices.

    For more information on advertising and related tracking technologies, click here.

    Back to top

  2. How We Use the Information We Collect from You

    We may use your information for the following purposes:

    • to provide you the Services, including by authenticating your login information, verifying your age, and remembering your settings;
    • to improve or develop the Services, including by optimizing traffic, conducting in-game data analytics and research, managing landing pages, and heat mapping our websites;
    • to provide customer support or resolve technical issues;
    • to provide you information that you have requested or agreed to receive, such as electronic newsletters, special offers, or promotional materials;
    • to process payments or transactions;
    • to process your registration of a Square Enix Account, Square Enix Members account, or other account;
    • to customize your experience on the Services, including by serving you (or people like you) targeted advertising and other relevant content;
    • to contact you with regard to your use of the Services or changes to the Services;
    • for internal business purposes;
    • for purposes disclosed at the time you provide your information or as otherwise set forth in this Privacy Notice.

    We may use information that does not identify you (including information that has been de-identified) without obligation to you except as prohibited by applicable law.

    Back to top

  3. Third Parties with Whom We Share Your Information

    We use various third parties to help support and operate the Services or perform certain functions on our behalf. If we share your information with these third parties, we will only provide them with information they reasonably need to perform their specific services for the purposes we specify in our contract with them, although we may permit them to use information that does not identify you for other purposes. If we stop using their services, we will require that any of your information that they hold be securely and permanently deleted or de-identified so that it does not identify you. In all cases, we will apply measures to help keep your data safe and your privacy protected.

    Here are some examples of the types of third parties with which we may share your information:

    • information technology companies who support our websites and other business systems;
    • direct marketing companies who help us manage our electronic communications with you;
    • ad partners like Google and Facebook, so that they can show you products that might interest you;
    • analytics companies who help us analyze how you use the Services;
    • payment processors who facilitate purchases from us and help protect against fraud;
    • applicant-tracking providers who process your application to a job opening we have posted online;
    • console or platform providers who allow you to purchase, access, or play our games;
    • business partners who help us to develop our products or make them available to you;
    • third parties who administer contests, sweepstakes, surveys, or other content on our behalf.

    Third-Party Locations and Services: When you are on the Services, you may be directed to other sites or services that are operated by third parties outside of our control. For example, if you click on a link displayed on the Services you may be taken off the Services to a different site. We are not responsible for the data collection and privacy practices employed by these third parties. We encourage you to pay attention when you leave our Services and to review the privacy policies of any third-party locations you go to.

    Administrative and Legal Disclosures: We disclose your information to third parties: (i) in response to lawful requests by public authorities, including to meet national security or law enforcement requirements; (ii) to satisfy any applicable law, regulation, subpoena, or governmental requestor legal process, or any legal process in connection with a court proceeding or arbitration, if in our good faith opinion we are required or permitted to do so by law; (iii) to investigate potential violations of the SEA Terms of Service or other policies applicable to the Services; (iv) to protect the safety, rights, property or security of the Services, our staff, or any third party; or (v) to detect, prevent, or otherwise address fraud or threats to security.

    Business Transfers: We may share your information with our parent, subsidiary, and affiliate companies within and outside of the United States. In the event some or all of our company will be acquired by another party (or during such negotiations), we may share your information with the acquiring party.

    Consent: We will share your information for any other purpose if we have disclosed that purpose to you and you have consented to it.

    De-identified Information: In our sole discretion, we may share aggregated information that does not identify you or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law.

    Back to top

  4. Third-Party Ads and Analytics

    The Services may use third parties such as network advertisers and ad exchanges to serve targeted advertisements on and off the Services based on your behavior on and off of our Services, and may use third-party analytics, user research, or other similar service providers to evaluate and provide us or other third parties with information about your use of the Services and viewing of ads or content. Network advertisers are third parties that display advertisements, which may be based on your visits to the Services and other locations you have visited.

    Third-party ad serving enables us and others to target advertisements to you or people like you for products and services in which you or people like you might be interested. The Services’ third-party ad network providers, the advertisers, the sponsors and/or traffic measurement services may themselves set and access their own cookies or other Tracking Technologies on your device and browser. These third-party Tracking Technologies may be set to, among other things, help deliver relevant advertisements, prevent you from seeing the same advertisements too many times, or help understand the usefulness of these advertisements to you. Our representations regarding our practices in this Privacy Notice do not extend to the practices of these third-party advertisers and others or the use of the information that such third parties collect. By installing and using our Services, you consent to these practices, including the sharing of data about you with these third parties and their own collection of such data.

    Please note that we adhere to the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising.

    Back to top

  5. Your Choices

    There are various ways in which you can exercise choice and control over the information you provide to us on the Services. Here are some examples:

    Limit the Information You Provide to Us: You can stop all prospective collection of information on our Services by uninstalling and ceasing to use or interact with the Services. You can also decline to provide us with any information we request from you, although please note that this may mean you are not able to use certain parts of the Services (e.g., you will not be able to create an account with us if you do not provide your email address and other information we need to process your registration). With respect to our mobile applications, you may use the standard uninstall process supported by your device, the app, or the marketplace or software through which you acquired the app to stop all prospective information collection through the app.

    Change Your Communications Preferences: You may cancel or modify the email communications you receive from us by following the instructions contained within our promotional emails or, where applicable, by logging into an account you have created for our Services and adjusting your settings. This will not affect subsequent access to the Services. Please note that we reserve the right to send you certain communications relating to your account or use of our Services, such as administrative and service announcements, and you will continue to receive these transactional account messages even if you opt-out from receiving our promotional email communications.

    Analytics and Cookies: You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout and downloading the Google Analytics Opt-out Browser Add-on. You may also be able to manage cookies or other Tracking Technologies by changing your browser settings or by contacting certain third parties directly.

    Third-Party Opt Outs: Some of the advertisers and service providers that perform advertising-related services for us and our partners may participate in the Digital Advertising Alliance ("DAA") Self-Regulatory Program for Online Behavioral Advertising. To learn more about how you can exercise certain choices regarding interest-based advertising, visit http://www.aboutads.info/choices, and http://www.aboutads.info/appchoices for information on the DAA’s opt-out program for mobile apps. Some of these companies may also be members of the Network Advertising Initiative (“NAI”). To learn more about the NAI and your opt-out options for their members, see http://www.networkadvertising.org/choices. Please be aware that, even if you are able to opt out of certain kinds of interest-based advertising, you may continue to receive other types of ads. Opting out only means that those selected members should no longer deliver certain interest-based advertising to you, but does not mean you will no longer receive any targeted content or ads (e.g., from other ad networks). We are not responsible for the effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.

    Location Data: For our mobile apps, you can turn off our collection of precise location data through the settings on your device. You can stop collection of all location data through a particular app by uninstalling that app. 

    App Technologies: For our mobile apps, you can reset your mobile Ad Id through your device settings, which is designed to allow you to limit the use of information collected about you. For information on how to do this on Apple devices, visit Apple.com or https://support.apple.com/en-us/HT202074. For information on how to do this on Android devices, visit www.google.com.

    Do Not Track: Note that your browser settings may allow you to automatically transmit a "Do Not Track" signal to websites and online services you visit. There is no consensus among industry participants as to what "Do Not Track" means in this context. Like many websites and online services, we currently do not alter our practices when we receive a "Do Not Track" signal from a visitor's browser. To find out more about "Do Not Track," you may wish to visit http://www.allaboutdnt.com.

    Back to top

  6. Your Rights over Your Information

    You have the right to access certain account information we have about you. You may review, correct, update, or request the erasure of account information you have provided to us by emailing us at na.privacypolicy@square-enix.com. We will respond to your access request within a reasonable time period. We may require additional information from you to allow us to confirm your identity and properly respond to your request. Nothing in this Privacy Notice is intended to limit any additional rights you may have under local law.

    Please note that it is not always possible to completely remove or delete all of your account information from our databases and residual data may remain on backup media. Also, we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

    You may remove content you have posted on our forums by logging into your account, directly accessing your post, and using the editing tools in our forums (if available). Should you wish to edit or remove any content you have publicly posted, you may contact us with your specific removal request. Please note that we are not required to remove your posted content or information if it has been de-identified or if we are required by law to retain it.

    California Privacy Rights: California Civil Code Section 1798.83 permits California residents who have supplied “personal information,” as defined in the statute, to the Services to (under certain circumstances) request and obtain certain information regarding our disclosure, if any, of certain information to third parties for their direct marketing purposes. We share personal information with our affiliates for those affiliates’ direct marketing purposes. California residents may obtain additional information about our compliance with this law by sending a letter to Square Enix, Inc., Attn: Legal Department, 999 N. Sepulveda Blvd., 3rd Floor, El Segundo, CA 90245. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we may need to request additional information from you to confirm your identity and properly respond to your request.

    European Privacy Rights: If you are a data subject in the European Union or Switzerland whose information was transferred in accordance with the Privacy Shield Framework and you do not consent to this Privacy Notice or our Terms of Service, or would like to ask us not to process your personal data (or not to provide it to third parties to process) for marketing purposes, please email us at na.privacypolicy@square-enix.com, or send a letter addressed to Square Enix, Inc., Attn: SEA Privacy Policy Administrator, 999 N. Sepulveda Blvd., 3rd Floor, El Segundo, CA 90245. We will make the requested changes in our active databases as soon as reasonably practical. Nothing in this Privacy Notice is intended to affect any rights you may have available to you under local law.

    Back to top

  7. International Transfers of Information

    Please be aware that information we collect may be transferred, processed, stored, and used internationally, including in the United States, Canada, Japan, and the European Union. The data protection laws in these countries may differ from those of the country in which you are located, and your information may be subject to access requests from governments, courts, or law enforcement. By using the Services, or providing us with any information, you consent to the transfer to, and processing, usage, sharing, and storage of your information, including personal data, in other countries as set forth in this Privacy Notice.

    Company participates in the E.U.-U.S. and Swiss-U.S Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from the European Union and Switzerland, respectively. For the purpose of this Section 7, “Company” refers to the following legal entities only: Square Enix of America Holdings, Inc., Square Enix, Inc., Square Enix L.L.C., and Crystal Dynamics Inc. Company has certified that it adheres to the Privacy Shield’s Principles of notice; choice; accountability for onward transfer; security; data integrity and purpose limitation; access; and recourse, enforcement, and liability. In accordance with its obligations under the Privacy Shield, and subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission, Company hereby affirms its commitment to subject to the Privacy Shield Principles all personal data received from the European Union and Switzerland in reliance on the Privacy Shield. This means that, in addition to Company’s other obligations under the Privacy Shield Principles, Company shall be liable to you for any third-party agent to which we transfer your personal data and who processes such personal data in a manner that violates the Privacy Shield Principles, unless Company can demonstrate that it is not responsible for the resulting damages.

    Company is committed to resolving any complaints regarding your privacy and our collection and use of your information in accordance with the Privacy Shield Framework. For inquiries or complaints regarding the processing of personal data transmitted to Company from the European Union or Switzerland, please contact us by sending a letter to: Square Enix, Inc., Attn: Legal Department, 999 N. Sepulveda Blvd., 3rd Floor, El Segundo, CA 90245, or by emailing us at na.privacypolicy@square-enix.com. For any complaints we are unable to resolve directly, you may submit your complaint at no cost to you to JAMS at https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim . In the event there are residual complaints that have not been resolved by JAMS or any other means, you may seek a non-monetary remedy through binding arbitration to be provided to you in accordance with the Privacy Shield Principles.

    To learn more about the Privacy Shield Framework, and to view Company’s certification, please visit https://www.privacyshield.gov/welcome. A list of companies certified under the Privacy Shield Framework is available at the following link: https://www.privacyshield.gov/list.

    Back to top

  8. Children’s Data

    We do not knowingly collect or store any personal information as defined by the Children’s Online Privacy Protection Act (“COPPA”) from children without verifiable parental consent, as required by COPPA. There may be instances, such as a sweepstakes, contest, or promotion, in which we collect personal information from a child in order to contact a parent and complete prize fulfillment.

    If you are a parent or guardian of a child under the age of 13 (or different age as may apply in your jurisdiction) and believe he or she has disclosed personal information to us without your consent, please contact us at Square Enix, Inc., Attn: Legal Department, 999 N. Sepulveda Blvd., 3rd Floor, El Segundo, CA 90245. You can also contact us by email at na.privacypolicy@square-enix.com. We will delete the child’s personal information from our records as soon as possible.

    Back to top

  9. Keeping Your Information Secure

    We understand how important data security is to you, and we have implemented various policies, processes, and technical measures to help protect and secure your information. That said, no data transmission is guaranteed to be 100% secure, and we cannot ensure the security of any information you transmit to us. Please take care when transmitting information online, including through the Services, and make sure to keep your passwords and account information secure at all times. In the event we become aware of a data breach involving unencrypted notice-triggering information in our possession, we will notify you as may be required by applicable law.

    Back to top

  10. Questions or Complaints

    If you have any questions or wish to file a complaint, please feel free to email us at na.privacypolicy@square-enix.com, or send a letter addressed to Square Enix, Inc., Attn: Legal Department, 999 N. Sepulveda Blvd., 3rd Floor, El Segundo, CA 90245.

    As previously mentioned, we are a licensee of ESRB’s Privacy Certified Program. If you believe that we have not responded to your inquiry or your inquiry has not been satisfactorily addressed, please contact ESRB Privacy Certified at http://www.esrb.org/privacy/contact.aspx, or ESRB, Attn: Vice President, Privacy Certified Program, 420 Lexington Ave., Suite 2240, New York, NY 10170. You may also email them at privacy@esrb.org.

    Back to top

  11. Changes to this Privacy Notice

    We reserve the right to change this Privacy Notice at any time. Any changes will be effective immediately upon the posting of the revised SEA Privacy Notice. However, if you have registered an account with us we may ask you to opt-in upon sign-in if we make material changes.

    To the extent any provision of this Privacy Notice is found by a competent tribunal to be invalid or unenforceable, such provision shall be severed to the extent necessary for the remainder to be valid and enforceable.

    Back to top

esrb