ZENIMAX MEDIA PRIVACY POLICY

Effective Date: June 17, 2024

This ZeniMax Media Privacy Policy ("Policy") describes how ZeniMax Media Inc. and our subsidiaries, including ZeniMax Europe Ltd. and our game studios (https://www.zenimax.com/en/studios) (collectively, "ZeniMax," "we," "our," or "us"), collect, use, disclose, and otherwise process your personal information, as well as the rights and choices you have regarding such personal information.

California Residents. If you are a California resident, please review Section 15.b.i. California Residents for important information about our privacy practices and your rights under California privacy laws, including your right to submit a "Do Not Sell or Share My Personal Info" request.

ESRB Privacy Certification. ZeniMax is a valid licensee and participating member of the Entertainment Software Rating Board's Privacy Certified Program ("ESRB Privacy Certified"). All Services where this Policy is posted that also display an ESRB Privacy Certified seal have been reviewed and certified by ESRB Privacy Certified to meet established online information collection, use, and disclosure practices. As a licensee of this privacy program, we are subject to audits of our Services and other enforcement and accountability mechanisms administered independently by the ESRB. For more information about ESRB Privacy Certified, please see https://www.esrb.org/privacy/.

You can review information about our privacy practices and your rights and choices below in the following sections:

Scope of Our Policy
Personal Information We Collect
Purposes of Use and Legal Bases for Processing of Personal Information
Disclosure and Sharing of Personal Information
Cookies, Analytics, and Personalization
Targeting and Advertising
Third-Party Links and Features
User Generated Content
Security of Your Information
Data Retention
International Transfers of Data
User Rights and Choices
Contact Details
Changes to this Policy
Additional Information for Users in Certain Jurisdictions

1. Scope of Our Policy

Except as otherwise noted below, this Policy applies to the personal information that ZeniMax collects and processes related to:

Our "Services," which include (i) our mobile applications, games, websites, and other online services (and any feature thereof), including games published and developed by Bethesda Softworks, ZeniMax Online Studios, and other ZeniMax studios, (ii) contests, sweepstakes, promotions, events, research, and surveys that we sponsor or conduct, and (iii) other content, products and services that we make available to customers, purchasers, subscribers, players, and/or users (each, a "User").
Individuals who subscribe to receive news, information, and marketing communications from us.
Individuals who engage with us at conferences, expos, and other events in which we participate.
Users and other individuals that communicate or engage with us related to our Services or our business, communicate with or about us or our content on third-party platforms and social media pages, or otherwise interact with us online or offline.

Not Covered by this Policy. This Policy does not apply to job applicants and candidates who apply for employment with us, or to employees and non-employee workers in the context of our working relationship with them. This Policy also does not apply to any third-party websites, services, products or mobile applications maintained by other companies, which are linked to from our Services.

Aggregate and Non-Identifiable Information. Notwithstanding anything else in this Policy, we may collect, use, share, disclose, and otherwise process aggregate, anonymous, and in some cases de-identified information related to our business and the Services for research, marketing, analytics, and other purposes. Where we use, disclose or process de-identified information, we will maintain and use this information in de-identified form and not to attempt to reidentify the information, except in accordance with applicable privacy laws.

2. Personal Information We Collect

ZeniMax collects personal information directly from Users, automatically related to the use of the Services, and in some cases, from third parties (e.g., social networks, platform providers, payment processors, and operators of certain third-party services that we use). The information we collect about Users varies depending upon the circumstances, such as the games or other Services used.

Information We Collect Directly From You. You can visit our websites and use certain of our games without registering. However, in certain circumstances (e.g., to create an account or use certain Services), you must provide us with certain personal information.

The personal information that we collect varies depending upon your use of our Services and our interactions with you. It includes:

Registration and profile information: To access and use certain Services (e.g., to register a game, access subscription-based Services, create an account, or link certain accounts), we may require you to provide us with certain information including your name, username and password, as well as country of residence, email, and other contact information. If you decline to register and provide the mandatory information, you may not be able to use certain Services. We may also ask you or allow you to submit certain optional information, which may include your phone number, birthdate, location, preferences, a photo or avatar, and other profile information.
Purchases and payments information: If you make a purchase or sign up for certain subscription-based Services, you are required to provide your payment information, including name, billing and shipping address and details, payment type, as well as credit card number or other payment account details (e.g., PayPal). We work with third parties like payment processors and fulfillment partners to process these payments. We do not collect, receive, process, or store credit card or debit card numbers, or other third-party payment account credentials (e.g., PayPal). Depending upon the Service, we may receive your username, name, email, payment type, product(s) or service(s) purchased, and other transaction details, and we may maintain records of your purchase and subscription history.
Marketing, contests, promotions, and events: You can sign up online or in-person (e.g., at tradeshows, conferences, and the like) to receive direct marketing communications from us, including emails about game launches, developments, and upcoming releases. If you agree to receive direct marketing communications from us, we will collect your email address, and we may also collect your name, preferences, and if relevant, information about your account and the Services and other games you use. We may also collect your name, age, email address, and other information in connection with contests, sweepstakes or other events or activities on our websites and social media channels. If you attend our events, we may collect the data you provide to us when registering for or during the event, and may also process your image and voice data if the event is recorded.
Your communications: When you email us, call us, chat with us, or otherwise send us communications regarding the Services, we collect and maintain a record of your contact details, communications, and our responses. We may also collect and maintain records of the in-game communications and information that you post in chat sessions, forums, in-game voice chats, and in other areas of the Services.
Business partners and others: We may collect and receive personal information about current, former and prospective vendors, business partners, and others with whom we have a business relationship. Generally, this information may include name, company information, payment and contact details, and communications records. If you visit one of our offices, we may ask you to provide certain information for health, safety, or security purposes.

Information We Collect and Receive from Third Parties. We may collect and receive personal information about you from third parties, as explained below:

Third-party Platforms: You may be able to access or connect with some of our Services through certain third-party platforms (e.g., Steam) and interact with us and others about the Services through forums and communities on third-party platforms (e.g., Discord, https://discord.com/privacy) (each, a "Third-Party Platform"). For example, you may be able to log in to or link to certain Services with a Third-Party Platform account, such as PlayStation™ Network (https://www.playstation.com/en-us/legal/privacy-policy/), Steam (https://store.steampowered.com/privacy_agreement/), Twitch (https://www.twitch.tv/p/en/legal/privacy-notice/), and Xbox Network (https://privacy.microsoft.com/en-us/privacystatement). You may be able to subscribe to certain Services, make game-related purchases, download applications, updates, and other Services, and earn rewards (subject to applicable program terms) from us through Third-Party Platforms. You may also be able to access certain games and other Services or interact with us and others about the Services through Third-Party Platforms, without logging in to our Services or registering with us. In each of these circumstances, we may receive certain personal information from these Third-Party Platforms, subject to their respective policies and terms—for example, if you play a game through a Third-Party Platform, we may receive your username, console identifiers (e.g., XUID and PUID), IP address, MAC address, and other identifiers and device information, and if you communicate about us or the Services through third-party forums, we may collect and receive personal information such as username, email address, public profile information, and information you post about us and our Services.

These Third-Party Platforms may also collect information about your login and activities related to the Service and enable you to interact, chat, and share game information with other users, subject to their respective policies and terms. Each of these Third-Party Platforms is operated and managed by a third party and subject to their respective terms and conditions and privacy policies.

Mobile Platforms. In addition, if you download our mobile apps or use our Services on your mobile device, we may receive personal information from the relevant app stores and platform providers, including your country/location, user ID. and other identifiers and device information. These third parties may also collect information from you as described above.

Third-party tools: We may use third-party tools to help us manage and analyze our social media presence and report on comments, mentions, and other content that is posted about us and our Services on third-party social media sites and other public channels and forums. How your information may be shared and accessed from these third-party social media sites and other public channels and forums is subject to their respective privacy policies and terms.
Vendors and providers: We may engage vendors and work with other partners to provide services to us or to Users on our behalf (such as payment processors, digital storefronts, cloud hosting, and service providers). In addition, we may receive personal information from ad networks, analytics providers, and others who we work with to deliver, improve, and measure our online advertising and marketing campaigns.

Information We Collect About Your Usage and Activities. We collect personal information about how you use the Services and interact with us and others, such as information we collect automatically (e.g., using cookies and pixel tags), as well as information we derive about you and your use of the Services (e.g., when you play our games). Such information includes:

User IDs: we assign Users a unique user identifier, which we use to identify and link relevant information to your activities within the Services (e.g., in-game information such as statistics, scores, achievements, and subscription levels). Some of our games also may allow Users to play without creating an account and/or registering with us. In such cases, we may assign you a guest user ID so that we can keep track of your game play, scores, stats, purchasing data, and usage data for your current and future sessions. If you later decide to register or create an account with us, we may associate your guest user ID and the data from your guest session(s) with your account.
Activities, stats, friends and preferences: we collect usage and preference details related to your use of the Services, such as language, in-game purchases, game-play statistics, scores, persona, characters, achievements, rankings, time spent playing, click paths, game profile, preferences, friends (including friend relationships through, for example, the creation of clans), and other data that you provide to us as part of your account.
Other information: We also may automatically or indirectly collect information about you, your computer or mobile device (such as when you use our Services, read our emails, or interact with our social media channels). We (and our third-party providers) may record log files and use cookies, pixel tags, local shared objects, java script, and other mechanisms to collect this information about you. For more information, see Section 5. Cookies, Analytics, and Personalization. In addition, we may collect location information from your device if you grant us permission to do so, or derive your location based upon your IP address.

Children. ZeniMax does not knowingly request or collect personal information from children younger than 13 years of age. If you believe that we have collected personal information from a child under 13, please contact us as set forth in Section 13. Contact Details, and we will take action as necessary to securely delete such information.

3. Purposes of Use and Legal Bases of Processing for Personal Information

We use, disclose, and otherwise process the personal information we collect as described in this section. In this section, we also explain the legal bases for which we process personal information about Users, as required by the EU General Data Protection Regulation (the "GDPR") (and other relevant laws such as UK data protection laws and the Brazilian General Data Protection Law (the "LGPD")).

Legal Bases for Processing. Pursuant to the GDPR (and other relevant laws), in general, we process your personal information for the following legal bases:

Performance of our contract with you: The personal information we collect may be used to perform our agreements with you, including our Terms of Service, Code of Conduct, and other terms and conditions applicable to the Services you use.
To comply with a legal obligation to which ZeniMax is subject: The personal information we collect may be processed in order to comply with the law and our legal obligations.
For our legitimate business interests: We may process personal information in furtherance of our legitimate business interests in protecting, maintaining, and improving the Services; developing new games, features, and services; marketing and promoting our Services (including by profiling and marketing to Users); protecting our legal rights and interests; in support of mergers, acquisitions, reorganizations, and other business transactions; and to generally operate and improve our business.
With your consent: We may process personal information about you based on your consent, for example (where required by law) to send you marketing communications, surveys, news, updates, and other communications. In addition, where required by applicable law, ZeniMax will obtain your consent to this Policy and our collection, use, and disclosure of your personal information. You may be able to withdraw your consent at any time in accordance with applicable laws; please see Section 12. User Rights and Choices for information on how to withdraw your consent.

Purposes of Use and Processing. In general, we use, disclose, and process personal information for purposes described below. Where GDPR or other similar laws apply, we have also set forth the legal bases for such processing (see above for further explanation of our legal bases) in parentheses below:

Providing our Services and related support: including to operate the Services; to administer contests, programs, and promotions; to communicate with Users about their access to and use of our Services; to respond to User inquiries; to fulfill User orders and requests; to process payments; to provide troubleshooting and other technical support; and for other customer service and support purposes. (Legal basis: performance of our contract with you; and/or for our legitimate business interests)
Protecting the integrity of the Services: including to verify your identity (when you access or use our Services or interact with us in-person); to detect and prevent fraud, cheating and unauthorized activities; to facilitate software updates; to secure our systems and the Services; to prevent hacking, cheats, and spamming; to enforce our Terms of Service, Code of Conduct, and other applicable terms; and to protect the rights and safety of Users. (Legal basis: performance of our contract with you; to comply with a legal obligation; and/or for our legitimate business interests)
Analyzing and improving the Services and our business: including to better understand how Users access and use our Services; to evaluate and improve the Services and our business operations; to develop new games, features, offerings, and services; to conduct surveys and other evaluations; and for other research and analytical purposes. (Legal basis: our legitimate business interests)
Personalizing the Services: including to tailor content we send or display on our websites and other Services (e.g., for your geographic area); to offer personalized help and instructions; to tailor your gameplay experiences; and otherwise personalize your experiences with the Services. (Legal basis: our legitimate business interests; and/or to comply with a legal obligation)
Advertising, marketing, and promotional purposes: including to send or display targeted marketing to Users and others who may be interested in our Services; to reach you with more relevant ads and to evaluate, measure, and improve the effectiveness of our ad campaigns; to send you newsletters, offers, or other information we think may interest you; to contact you about our Services or information we think may interest you; and to administer promotions and contests. Where required by applicable law, we will obtain your consent to use your personal information for marketing and related purposes. (Legal basis: our legitimate business interests; and/or with your consent)
Securing and protecting our business: including to protect and secure our business operations, assets, Services, network, and information and technology resources; to investigate, prevent, detect and take action regarding fraud, cheating, unauthorized access, situations involving potential threats to the rights or safety of any person or third party, or other unauthorized activities or misconduct (Legal basis: our legitimate business interests; to comply with a legal obligation; and/or performance of our contract with you)
Defending our legal rights: including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend, or protect our rights or interests, including in the context of anticipated or actual litigation with Users or third parties. (Legal basis: our legitimate business interests; and/or to comply with a legal obligation; in Brazil, this also includes the exercise of rights in judicial, administrative, or arbitration proceedings in accordance with applicable laws)
Auditing, reporting, corporate governance, and internal operations: including financial, tax, and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping, and legal functions; to maintain appropriate business records; to enforce company policies and procedures; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy, or restructuring of all or part of our business. (Legal basis: our legitimate business interests; and/or to comply with a legal obligation)
Complying with legal obligations: to comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority. (Legal basis: our legitimate business interests; and/or to comply with a legal obligation)

4. Disclosure and Sharing of Personal information

ZeniMax may disclose your personal information as described in this section and we will obtain your consent to do so when required by applicable law:

Vendors and Providers. We may engage vendors, agents, service providers, and affiliated entities to provide services to us or to Users on our behalf, such as support for the internal operations of our websites, online stores (including payment processors), products (such as our games), and services (e.g., forum operations and technical support processing), as well as related offline product support services, data storage, and other services. In providing their services, they may access, receive, maintain, or otherwise process personal information on our behalf. Our contracts with these service providers do not permit use of your personal information for their own marketing and other purposes.

ZeniMax Affiliates and Subsidiaries. Your personal information may be processed by ZeniMax affiliates (including Microsoft Corporation, its subsidiaries and affiliates) and subsidiaries ("Affiliates") for purposes of (i) assisting us to market our Services and games, (ii) analytics, research, and demographic studies, and (iii) development and improvement of games, features, and other products and services by ZeniMax and Affiliates. Subject to applicable law, we may also share your personal information (e.g., contact information, usage data, and characteristics) with Affiliates so that they may contact you about their products and services.

Advertising and Analytics Services. We work with Affiliates and other companies that provide advertising, campaign measurement, online and mobile analytics, and related services to us (with your consent, where required by applicable laws) and to others. They may use the information that we provide or make available (e.g., online identifiers, browsing history, usage data, and other activity information and characteristics) to help us better reach individuals with relevant ads and to measure and improve our ad campaigns, or to better understand how individuals interact with our Services. In addition, these advertising and analytics companies may combine the information collected from us and our Services with information collected about you by them and from third-party sites, apps, and services, in order to make inferences about you and your interests, to better tailor advertising and content to you across multiple sites, apps, and services, and to collect associated metrics. For information about the rights and choices that you may have regarding the sharing of your personal information with advertising and analytics companies, see Section 12. User Rights and Choices.

Legally Required. We may also disclose your personal information if we believe we are required to do so by law, or that doing so is reasonably necessary to comply with legal processes, including when we believe necessary or appropriate to disclose personal information to law enforcement, other governmental or regulatory authorities, or the courts (in any relevant jurisdiction worldwide). In addition, we may disclose the names of sweepstake and contest winners, in accordance with applicable law.

Security and Protection of Rights. We may also disclose your personal information where we believe doing so is necessary to protect the Services and our business operations; to prevent and detect fraud, unauthorized activities and access, and other misuse; to investigate, prevent, or take action regarding actual or suspected illegal activities or fraud, situations involving potential threats to the safety or legal rights of ZeniMax or any person or third party, or violations of our Terms of Service; to regularly exercise our rights in judicial, administrative, or arbitration proceedings (as applicable in Brazil); to respond to any claims against us; and to protect the rights, property, or personal safety of ZeniMax, our customers, or the public.

Corporate Transactions. Your personal information may be disclosed as part of any proposed or actual merger, sale, or transfer of ZeniMax assets, acquisition, bankruptcy, or similar event. We may also share certain personal information as necessary prior to the completion of such a transaction, such as to lenders, auditors, and third-party advisors, including attorneys and consultants, as part of due diligence, or as necessary to plan for the transfer.

With Consent. We may also disclose your personal information to any other affiliated or third parties where you have consented or requested that we do so.

5. Cookies, Analytics, and Personalization

We and our third-party providers use cookies, clear GIFs/pixel tags, JavaScript, local storage, log files, and other mechanisms to automatically collect and record information about your browsing activities, gaming performance, and use of the Services. We may combine this "activity information" with other personal information we collect about you. Generally, we use this activity information to understand how our Services are used, track bugs and errors, provide and improve our Services, establish matchmaking, verify account credentials, allow logins, track sessions, prevent fraud, and protect our Services, as well as for targeted marketing and advertising, to personalize content and for analytics purposes (see Section 12. User Rights and Choices for information about opting in or out of certain uses of your personal information).

Below is a summary of these activities. For more detailed information about these mechanisms and how we collect activity information, see our Cookie Policy, which applies to our sites that display or link to the Cookie Policy, available at https://www.zenimax.com/legal/cookie-policy.

Log Files. We collect certain activity information from log files. Log file information is automatically collected by our servers when you access our Services. We record certain information from these log files, including web requests, IP address, browser type and version, language information, referring and exiting URLs, links clicked, pages viewed, engagement data, and other similar information.

Cookies. These are small files with a unique identifier that are transferred to your browser through our websites. They allow us to remember Users who are logged in, to understand how Users navigate through and use our Services, and to display personalized content and targeted ads (including on third-party sites and applications).

Clear GIFs, Pixel Tags, and Web Beacons. These are tiny graphics with a unique identifier, similar in function to cookies, to understand how Users navigate through and use our Services and to personalize content. We also use these in our emails to let us know when they have been opened or forwarded, so we can gauge the effectiveness of our communications.

Anti-Cheat and Fraud Prevention. Providing a fair gameplay environment is important to us. We prohibit cheating, hacking, account stealing, and any other unauthorized or fraudulent activity when using our Services. In order to detect and prevent fraud and cheating, we may use anti-cheat and fraud prevention tools, applications, and other technologies. When you use our Services, such technologies may create a machine "fingerprint" or "hash" of your machine components, and collect information about you, including information about your browser, device, activities, game identifiers, and operating system. We may also monitor publicly-available information, third-party sites, and/or use anti-cheat technology within our Services.

Analytics Tools. We may use internal and third-party analytics tools (see our Cookie Policy at https://www.zenimax.com/legal/cookie-policy for a list of third parties) to collect and aggregate activity data and other data across multiple channels.

Preferences. You can review or change your preferences for most cookies on our websites (other than those that are necessary to the proper functioning of our websites) by adjusting your cookie settings:

Cookie Settings

6. Targeting and Advertising

We work with third-party ad networks, channel partners, mobile ad networks, analytics and measurement services, and others ("third-party ad companies") to personalize content and display advertising within our Services (including our websites and our mobile and other games and apps), as well as to manage our advertising on third-party sites, mobile apps, and online services. We and these third-party ad companies may use cookies, pixel tags, and other tools (which we may refer to collectively as "targeting cookies") to collect activity information within our Services (as well as on third-party sites and services), as well as IP address, location information, device ID, cookie and advertising IDs, and other identifiers; we and these third-party ad companies use this information to provide you more relevant ads and content within our Services and on third-party sites and apps, and to evaluate the success of such ads and content. See our Cookie Policy (https://www.zenimax.com/legal/cookie-policy) for more details about the third-party ad companies we work with and first- and third-party tags used on the Services and on third-party sites and apps.

Preferences. We make available multiple ways for you to manage your preferences regarding targeting cookies, advertising, and personalization:

Our websites: You can review or change your preferences for targeting cookies and tags on our websites by adjusting your cookie settings: Cookie Settings
Mobile: Some of our mobile games and apps may include third-party advertising and personalization. You can opt out of targeted advertising in our mobile games through the in-app settings for that game and/or by adjusting your device privacy settings (please refer to your device settings for more information). This means that you will no longer get targeted ads in the app; however, you may still receive contextual or general ads.
Industry ad choice programs: You can also control how participating third-party ad companies use the information that they collect about your visits to our websites and use of our mobile applications, and those of third parties, in order to display more relevant targeted advertising to you; for more information and to opt out of receiving targeted ads from participating third-party ad networks go to:
- U.S. Users: https://aboutads.info/choices (Digital Advertising Alliance) (You can also download the DAA AppChoices tool in order to help control interest-based advertising on apps on your mobile device.)
- EU Users: https://youronlinechoices.eu (European Interactive Digital Advertising Alliance)
- Canada Users: https://youradchoices.ca/choices/ (Digital Advertising Alliance of Canada)

Opting out of participating ad networks does not opt you out of being served advertising. You may continue to receive generic or "contextual" ads on our Services. You may also continue to receive targeted ads on other websites, from companies that do not participate in the above programs.

Custom Lists and Matching. Subject to applicable law, we may share certain customer list information (such as your email address or other contact information, which in most cases is hashed when it is shared) with third parties so that we can better target ads and content to our Users, and others with similar interests, within their services and other third-party platforms and services. These third parties use the personal information we provide to help us target ads and to enforce their terms, but we do not permit them to use or share the data we submit to target ads for third parties. You may opt out of this as set forth in Section 12. User Rights and Choices.

7. Third-Party Links and Features

Our Services may contain links to third-party sites that are not owned or controlled by ZeniMax. We are not responsible for the collection and use of your information by these third-party sites. We recommend that you read the privacy notice of any website you visit before you submit any personal information.

In addition, our Services may include or incorporate social media and other third-party features (e.g., widgets, buttons, and plugins), which are operated by third parties, such as Facebook, Steam, Twitch, Twitter, Instagram, YouTube, and others. These features are hosted by the respective third-party operator even though they appear on our Services, and the third party may collect your IP address, URL, date and time stamp, browser details, and the like, subject to their own privacy policies.

8. User Generated Content

You may choose to disclose information (including personal information) about yourself in the course of contributing user-generated content to Services such as forums, chats, in-game messaging, sweepstakes, and contests. Information that you disclose in any of these forums is unencrypted public information, and may be accessed by members of the public, who are not subject to this Policy. In addition, when you enter certain public areas of our Services, your username and other public profile information may be viewable by others. You should have no expectation of privacy as to any information you post or display in our forums or games, or in your profile, or that you otherwise make available on or through our Services.

9. Security of Your Information

ZeniMax takes reasonable and appropriate administrative, technical, and physical measures to protect against possible breaches of our Services and the personal information we maintain. However, no website or Internet transmission is completely secure. Thus, ZeniMax cannot and does not guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. We urge you to take steps to keep your personal information safe, such as choosing a strong password and keeping it private, enabling multifactor authentication (where available), as well as logging out of your User account and closing your web browser when finished using the Services.

10. Data Retention

We will retain your personal information as long as necessary for purposes for which the personal information was collected and is used by us, as stated in this Policy. If you wish to cancel your account or request that we no longer use your personal information to provide the Services to you, please contact us as set forth in Section 13. Contact Details. However, if you withdraw consent or otherwise object to our collection, use, and disclosure of your personal information, you may not be able to use the Services. Further, to the extent permitted by applicable law, we will retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements.

11. International Transfers of Data

ZeniMax is headquartered in the United States, and has operations, entities, and service providers in the United States and throughout the world. As such, ZeniMax may collect your personal information from the United States, and we may transfer your personal information to, and process your personal information from, the United States and other jurisdictions where we and our Affiliates and service providers have operations. Some of these jurisdictions (including the United States) may not provide equivalent levels of data protection as compared to your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.

Users in the European Economic Area (EEA) and United Kingdom. ZeniMax will take steps to ensure that appropriate safeguards are in place to protect your personal information that we transfer to the United States or other jurisdictions that do not provide equivalent levels of data protection according to the European Commission, including by putting in place standard contractual clauses as approved by the European Commission (the form for the standard contractual clauses can be found at https://eurlex.europa.eu/eli/dec_impl/2021/914/oj).

Users in Brazil. If your personal information is subject to Brazilian laws, ZeniMax will ensure that appropriate safeguards are in place to protect your personal information, as required by the LGPD.

12. User Rights and Choices

ZeniMax gives Users several ways to access, amend, and exercise their choices and rights regarding their personal information.

Marketing Preferences. You may change your email preferences and opt out of marketing communications through the marketing preferences tab in your account profile(s).

Marketing emails: You may opt out of marketing emails by using the unsubscribe option in each marketing email we send to you. Account holders may also opt out or change their preferences for marketing emails in the marketing preferences tab of their account profile(s). If you opt out of direct marketing communications, we may to the extent permitted by applicable law still send you non-promotional communications, such as those about your account or our ongoing business relationship.
Custom lists and matching: If you maintain an account with us, you can opt out of being included in custom lists and matching campaigns by us by updating your marketing preferences in your account profile(s).

Cookies and Advertising. As noted in Section 5. Cookies, Analytics, and Personalization and Section 6. Targeting and Advertising, you can manage your preferences for cookies (including advertising cookies) on our websites and in our online games by adjusting your cookie preferences:

Cookie Settings

For our mobile games and apps that include third-party advertising, you may opt out of such targeted advertising through the in-app settings for that game and/or by adjusting your device privacy settings, as explained in Section 6. Targeting and Advertising.

Push Notifications. In some of our mobile Services, we may send push notifications from time-to-time in order to update you about the game, events, or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level.

Remove Content. If you wish to request removal of any User content you have posted, please contact us as set forth in Section 13. Contact Details.

Access, Correction, and Deletion. Registered Users may review and update their profile information and communications preferences directly within their account. If you would like us to delete your personal information, you may contact us to delete your account. Please contact us as set forth in Section 13. Contact Details, to exercise your rights or make a request regarding your personal information.

Submitting a Privacy Request. Privacy requests may be submitted by you (or an authorized agent with authority to act on your behalf) to us as set forth in Section 13. Contact Details. Please keep in mind that certain Services will not be available if you withdraw your consent, or otherwise delete or object to our processing of certain personal information. We will take steps to verify your request by matching the information provided in your request with the information we have in our records. You must complete all required fields on our webform (or otherwise provide us with this information via email as set forth in Section 13. Contact Details) and verify their access to the User's registered email address. Authorized agents must provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent.

We will respond to your request in accordance with applicable law, and we will inform you if we do not intend to comply with your request.

Additional Information for Users in Certain Jurisdictions. Additional Information about the privacy rights under certain privacy laws, including the GDPR and UK data protection law and certain U.S. privacy laws, can be found in Section 15. Additional Information for Users in Certain Jurisdictions. Please review this section for more information.

13. Contact Details

If you have any questions, complaints, or comments regarding our Policy or practices, or would like to exercise your privacy rights, please submit a request at:

https://help.bethesda.net/app/incident10/?prod=711&cat=1220 (Bethesda Users), or https://help.elderscrollsonline.com/app/incident/?category=1220 (The Elder Scrolls Online Users).

Playtesters can also submit a request via email to [email protected] (more information is available at https://playtest.bethesda.net/faq).

You may also contact us via email at [email protected].

Controller. The controller for your personal information is ZeniMax Media Inc., 1370 Piccard Drive, Rockville, MD 20850 USA. In addition, for purchases made by Users in the EEA and the UK, ZeniMax Europe Ltd, Reg. No. 06333300, 4th floor, The Lantern, 75 Hampstead Road, London NW1 2PL, United Kingdom, is also a controller for your transaction data. Further, each ZeniMax subsidiary company is a controller for the personal information that they process related to vendors, service providers, and others with whom they have a contractual or business relationship.

This Policy applies to both ZeniMax Media Inc. and ZeniMax Europe Ltd, as well as the ZeniMax subsidiaries when acting as a controller. Data subjects may exercise their rights with respect to their personal information processed by any of the ZeniMax controllers by contacting ZeniMax Media Inc. online or by email, as set forth above.

ESRB Privacy Certified. As previously mentioned, we are a member of ESRB's Privacy Certified Program. If you believe that we have not responded to your inquiry or your inquiry has not been satisfactorily addressed, please contact ESRB Privacy Certified at [email protected] or https://www.esrb.org/privacy/contact/.

14. Changes to this Policy

This Policy is current as of the Effective Date set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Services. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will provide you with appropriate notice.

15. Additional Information for Users in Certain Jurisdictions

This section includes additional information as required under the privacy laws of certain jurisdictions.

a. EEA (GDPR), UK and Brazil

Subject to the conditions set out in applicable law, Users in the European Union/European Economic Area, United Kingdom, and Brazil (as well as in other jurisdictions where similar rights apply) have the following rights regards our processing of their personal information:

Right of access: to confirm whether we are processing your personal information and to receive a copy of that personal information (along with certain other details).
Right to correction (rectification): to request that we correct any personal information we hold about you that is inaccurate or incomplete.
Right to erasure: to request that we delete your personal information under certain circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). (NOTE: If you request that we delete your personal information, we may do so by deleting your account(s) with us.) Brazilian Users may also request the anonymization, blocking, or erasure of unnecessary or excessive personal information, or personal information processed in violation of the LGPD.
Right to restrict (block) processing: to request that we restrict the processing of your personal information under certain circumstances, such as where you contest its accuracy or object to our use or stated legal basis.
Right to data portability: to receive a copy of personal information we have obtained from you in a structured, commonly used, and machine-readable format and to reuse it elsewhere or to ask us to transfer it to a third party of your choice, under certain circumstances.
Right to object : to object to our processing of your personal information on the basis of our legitimate interests, in which case, we must stop such processing unless we have compelling legitimate grounds that override your interest or where we need to process it for the establishment, exercise, or defense of legal claims. Where we are relying on our legitimate interests (other than marketing), we believe that we have a compelling interest in such processing, but we will individually review each request and related circumstances.
Right to object to marketing : to request that we stop processing your personal information for marketing purposes, on the basis of our legitimate interests. If you do so, we will stop such processing for our marketing purposes.
Right not to be subject to automated decision-making: to not be subject to a decision when it is based on automatic processing if it produces a legal effect or similarly significantly affects you, unless it is necessary for entering into or performing a contract between us.
Right to withdraw your consent: where you have consented, to withdraw your consent to our processing of your personal information, without affecting the lawfulness of our processing prior to the withdrawal of your consent. Brazilian Users also have the right to be informed about the consequences of denying or withdrawing consent.
Right to lodge a complaint: to lodge a complaint with a supervisory authority if you believe our processing of your personal information infringes the law.

Please note that some of these rights may be limited, such as where we have an overriding interest or legal obligation to continue to process the data. Please contact us using the information set out in Section 13. Contact Details as well as provided below, if you wish to exercise any of your rights or if you have any inquiries or complaints regarding the processing of your personal information by us.

EU Representative: ZeniMax Media Inc. and ZeniMax Europe Ltd have appointed ZeniMax Benelux BV, Grote Berg 18E, 5611 KK Eindhoven, the Netherlands, as representative office for purposes of the GDPR.

UK Representative: ZeniMax Media Inc. has appointed its subsidiary ZeniMax Europe Ltd, 4th floor, The Lantern, 75 Hampstead Road, London NW1 2PL, United Kingdom, as its representative office for purposes of UK data protection laws.

b. U.S. Residents

Residents of California and of other U.S. states, including Colorado, Connecticut, Delaware, Iowa, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Texas, Utah, and Virginia, have additional privacy rights under applicable state privacy laws as described below. Section 15.b.i includes additional information for residents of California and Section 15.b.ii provides information about the privacy rights of residents of certain other U.S. states.

i. California Residents

Below, we provide information as required under California privacy laws, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, "CCPA"), which require that we provide California residents certain specific information about how we handle their personal information, whether collected online or offline. This section does not address or apply to our handling of publicly available information made lawfully available by state or federal governments or other personal information that is subject to an exemption under California privacy laws.

Categories of Personal Information We Collect and Disclose. Our collection, use, and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident. The table below sets out generally the categories of personal information (as defined by the CCPA) about California residents that we collect and disclose to others for a business purpose.

Personal Information Collected		Categories of Third Parties to Whom We May Disclose this Information for Business or Commercial Purposes
Identifiers	Includes direct identifiers such as name, username, and alias; email, billing address, and other contact information; UID, BUID, device ID, IP address, third-party platform identifiers, and account details (e.g., PlayStation®, Xbox, Steam, Facebook); and other online or unique identifiers	vendors and service providers advisors and agents government entities and law enforcement affiliates and subsidiaries advertising networks data analytics providers social networks internet service providers operating systems and platforms
Customer Records	Includes your account and profile information and customer records that contain personal information, such as username, name, demographics and other characteristics or descriptions, email, address, telephone number, and other contact information, account credentials, communications preferences, billing and payment information, customer service and support tickets and records, and other information individuals provide us in order to register for, access, or purchase our Services	vendors and service providers advisors and agents government entities and law enforcement affiliates and subsidiaries internet service providers operating systems and platforms
Commercial Information	Includes records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies, such as information about your subscriptions and current and past payments and purchases, games you play or are interested in, and your purchase tendencies	vendors and service providers advisors and agents government entities and law enforcement affiliates and subsidiaries advertising networks data analytics providers social networks internet service providers operating systems and platforms
Usage Data	Includes browsing history, clickstream data, search history, access logs, information regarding your interactions with our websites, mobile apps and other Services and our marketing emails and online ads, and other usage data related to your use of the Services, such as language and preferences, in-game purchases, game-play statistics, scores, persona, characters, achievements, rankings, time spent playing, click paths, game profile, preferences and friends, as well as your comments, posts, and interactions in forums and communities	vendors and service providers advisors and agents government entities and law enforcement affiliates and subsidiaries advertising networks data analytics providers social networks internet service providers operating systems and platforms
Geolocation Data	Includes location information about a particular individual or device, such as device location information for mobile game Users	vendors and service providers advisors and agents government entities and law enforcement affiliates and subsidiaries advertising networks data analytics providers
Audio, Video and Electronic Data	Includes audio, electronic, visual, or similar information, photographs and images (e.g., that you provide us or post to your profile), call recordings (e.g., of customer support calls), and User photos submitted (such as profile images)	vendors and service providers advisors and agents government entities and law enforcement affiliates and subsidiaries advertising networks data analytics providers social networks internet service providers operating systems and platforms business customers/clients
Inferences	Includes inferences drawn from other personal information that we collect to create a profile based on your account and activities, that reflect your preferences, characteristics, behavior, attitude, and abilities related to the Services	vendors and service providers advisors and agents government entities and law enforcement affiliates and subsidiaries advertising networks
Sensitive Personal Information	In limited circumstances, we may collect: Social Security Number, driver’s license, precise geolocation, and personal information collected and analyzed concerning a consumer’s health	vendors and service providers advisors and agents government entities and law enforcement affiliates and subsidiaries

Do We "Sell" or "Share" Personal Information? California privacy laws define a "sale" as disclosing or making available to a third party, personal information in exchange for monetary or other valuable consideration, and "sharing" includes disclosing or making available personal information to a third party for purposes of cross-context behavioral advertising. We do not disclose personal information to third parties in exchange for monetary compensation. We may "sell" (as defined by the CCPA) Identifiers and Usage Data to third-party advertising networks, analytics providers, and social networks. We may "share" (as defined by the CCPA) Identifiers, Customer Records, Commercial Information, Geolocation Data, and Usage Data to third-party advertising networks, analytics providers, and social networks, as well as our Affiliates. We do not "sell" or "share" (as defined by the CCPA) sensitive personal information, nor do we "sell" or "share" any personal information about individuals who we know are under sixteen (16) years old.

Sources of Personal Information. In general, we may collect the categories of personal information identified in the table above from the following categories of sources, in addition to directly from consumers:

Our Affiliates
Third-party platforms
Third-party sites and services
Ad networks
Analytics providers
Social networks
Internet service providers
Operating systems and platforms
Our vendors and service providers

Purposes for Collecting and Disclosing. As described in more detail in Section 3. Purposes of Use and Legal Bases of Processing for Personal Information, in general, we collect and otherwise process the above personal information in order to provide our Services to you, respond to and fulfill your orders and requests, as otherwise directed or consented to by you, and for the following business or commercial purposes:

Providing our Services and related support
Protecting the integrity of the Services
Analyzing and improving the Services and our business
Personalizing the Services
Advertising, marketing, and promotional purposes
Securing and protecting our business
Defending our legal rights
Auditing, reporting, corporate governance, and internal operations
Complying with legal obligations

Retention. We will retain your personal information as long as necessary for purposes for which the personal information was collected and is used by us, as stated in this Policy. If you wish to cancel your account or request that we no longer use your personal information to provide the Services to you, please contact us as set forth in Section 13. Contact Details. However, if you withdraw consent or otherwise object to our collection, use, and disclosure of your personal information, you may not be able to use the Services. Further, to the extent permitted by applicable law, we will retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements.

Sensitive Personal Information. We collect and use certain sensitive personal information which may vary depending on the circumstances. We may collect the following categories of sensitive personal information, as indicated in the chart above: identifiers; geolocation data; protected classifications; and paper and electronic records.

We may use or disclose these categories of sensitive personal information for the following purposes:

To perform the services or provide the goods as reasonably expected by you;
To detect security incidents that compromise the availability, authenticity, integrity, and confidentiality of sensitive personal information that is stored or transmitted;
To resist malicious, deceptive, fraudulent, or illegal actions directed at ZeniMax and to prosecute those responsible for those actions;
To ensure the physical safety of Users and other people;
For short-term, transient uses;
To perform services on behalf of ZeniMax, such as maintaining or servicing User accounts, verifying User information, and providing support to Users; and
With respect to a service or device that is owned, manufactured, manufactured for, or controlled by ZeniMax, to verify or maintain the quality or safety, improve, upgrade, or enhance the service or device.

We do not sell your sensitive personal information to third parties, and we do not share your sensitive personal information for cross-context behavioral advertising purposes.

California Residents' Rights. California residents have the right to receive certain information about how their personal information is used and disclosed and to not be discriminated against for exercising their privacy rights under the CCPA. In addition, California residents have the right to understand the material terms of any "financial incentive" offered to them and to not be included in such without consent.

The CCPA also grants California residents the following rights (subject to certain limitations):

Opt out of sales and sharing: the right to opt out of our sale and sharing of their personal information.
Delete: subject to certain exceptions, the right to request deletion of their personal information that we have collected about them.
Know/access: the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them and to have this delivered either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance. California residents also have the right to request that we provide them certain information about how we have handled their personal information, including the:
categories of personal information collected;
categories of sources of personal information;
business and/or commercial purposes for collecting, selling, and sharing their personal information;
categories of third parties with whom we have disclosed or shared their personal information;
categories of personal information that we have disclosed or shared with a third party for a business purpose; and
categories of third parties to whom the residents' personal information has been sold and shared and the specific categories of personal information sold and shared to each category of third party.
Correct: the right to request that a business that maintains inaccurate personal information about the resident correct that personal information.
Limit use or disclosure of sensitive personal information: the right to limit the use or disclosure of sensitive personal information to those uses authorized by California privacy laws. However, we do not use or disclose sensitive personal information except for the purposes described above under "Sensitive Personal Information," as authorized by California privacy laws.

Submitting CCPA Requests to Know, Correct, and Delete. California residents may submit a request to exercise their CCPA rights to know, correct, and delete as set forth below:

Bethesda Users: https://help.bethesda.net/app/incident10/?prod=711&cat=1220
Elder Scrolls Online: https://help.elderscrollsonline.com/app/incident/?category=1220
Playtesters: via email to [email protected]

California residents may also submit a request to exercise these rights via email to [email protected].

When you submit a request to know, to correct, or to delete we will take steps to verify your request by matching the information provided by you with the information we have in our records. You must complete all required fields on our webform (or otherwise provide us with this information via the above email address) and verify your access to the registered email address for your account, in order to verify your request. In some cases, we may request additional information in order to verify your request or where necessary to process your request. If we are unable to adequately verify a request, we will notify the requestor. Authorized agents may initiate a request on behalf of another individual by contacting us in writing at the contact information set forth in Section 13. Contact Details. Authorized agents will be required to provide proof of their authorization and we may also require that the relevant consumer directly verify their identity and the authority of the authorized agent. We will respond to verifiable requests received from California residents as required by law.

Requests to Opt Out of Sales and Sharing. California residents may submit requests to opt out of "sales" and "sharing" as set forth below:

Webform: You may submit a request to opt out of "sales" and "sharing" of personal information associated with your account via our privacy webforms:
- Bethesda Users: https://help.bethesda.net/app/incident10/?prod=711&cat=1220
- Elder Scrolls Online: https://help.elderscrollsonline.com/app/incident/?category=1220
Browser Opt Out: You may opt out of "sales" and "sharing" (if applicable) via your browser on our websites by:
- Turning on "global privacy control"—or GPC—signals for your browser. If we recognize that your browser is transmitting a GPC signal, we will opt that browser out of "sales" and "sharing."
- Turning off "Sales and Sharing of Personal Information" under the Cookie Preferences and Opt Out settings for that website, which you can access by clicking the "Do Not Sell or Share My Personal Info" link in the footer of that website.

Your opt out is browser specific and applies to "sales" and "sharing" on the website you are browsing (i.e., via cookies). If you come to the website from a different device or a different browser on the same device, you will need to apply your preferences or turn on GPC for that browser or device as well. More information on GPC is available at https://globalprivacycontrol.org/.

Mobile Apps: Some of our mobile apps may include third-party targeting. You may opt out of "sales" and "sharing" (as applicable) for these mobile apps via the in-app setting for that app, which you can access from the settings menu. (See Section 6. Targeting and Advertising for more information.)

Rights Under California's Shine-the-Light Law. We do not share personal information collected online with unaffiliated third parties for their own direct marketing purposes and will not do so unless you agree to such disclosure. If you are a California resident and you still believe your information has been shared or you have general questions about how your information may have been shared, you may contact us by requesting a list of the third parties to which we have disclosed personally identifiable information about you for their own direct marketing purposes. You may make one request per year. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. You may request this information in writing by contacting us via the contact details set out in Section 13. Contact Details.

Do-Not-Track Signals. Please note that our websites do not recognize or respond to any signal which your browser might transmit through the so-called "Do Not Track" feature your browser might have. However, you can set your preferences for cookies on our websites as discussed in Section 5. Cookies, Analytics, and Personalization.

For more information about our privacy practices, you may contact us as set forth in Section 13. Contact Details.

ii. Other U.S. State Residents

Residents of certain U.S. states have additional privacy rights under applicable privacy laws, subject to certain limitations, including:

Right to Correct: to correct inaccurate personal information, taking into account the nature and purposes of the processing of the personal information.
Right to Delete: to delete personal information provided to or obtained by us.
Right of Access: to confirm whether we are processing personal information and to obtain a copy of personal information in a portable and, to the extent technically feasible, readily usable format.
Rights to Opt Out: to opt out of certain types of processing, including:
to opt out of the "sale" of personal information by ZeniMax.
to opt out of the use and disclosure of personal information for the purposes of targeted advertising (i.e., cross-contextual behavioral advertising).
to opt out of processing (if any) of personal information for purposes of making decisions that produce legal or similarly significant effects.
to opt out of certain uses and disclosures of sensitive personal information by us.

You and an authorized agent acting your behalf may submit a request to opt out of certain types of processing by us (as applicable) and to access, correct, or delete your personal information, as set forth in Section 12. User Rights and Choices. We will respond to your request as required under the applicable privacy law(s).

In addition, you can also set your browser to transmit a "global privacy control" (GPC) signal or another approved "universal opt-out mechanism" to opt out of targeted advertising and sales (as defined under applicable law). If we detect that your browser is transmitting a GPC or other recognized universal opt-out signal when you visit one of our websites, we will opt that browser on your device out of targeting cookies on that website. Please note that if you come back to that website from a different device or from a different browser on the same device, you will need to apply the signal for that browser and/or device as well.

If we deny your request, you may appeal our decision by emailing [email protected] and specifying that you are appealing our prior decision.