Terms of Service
Privacy Policy
Legal Information

ZENIMAX MEDIA ONLINE PRIVACY POLICY

ESRB PRIVACY CERTIFIED MEMBER CONFIRMATION

ZENIMAX MEDIA ONLINE PRIVACY POLICY

Last Updated: January 27, 2020

This ZeniMax Media Online Privacy Policy ("Policy") describes how ZeniMax Media Inc. and our affiliates and subsidiaries (collectively, "ZeniMax", "we" or "us") collect, use and otherwise process the personal information we collect about our about customers, purchasers, subscribers, and/or users (each a " User") of our mobile applications, games, websites and other online services (collectively, our " Services").

Overview of Our Collection and Use of Personal Information
This table provides an overview and is intended to summarize key information about our information practices, which are further explained in our Privacy Policy below. The actual information we collect about you and the use of such personal information will vary depending upon the nature of our relationship and interactions with you.
Categories of personal information collected Uses of personal information
Name, contact info and other identifiers (e.g., name, email, address, username and alias; UID, BUID, device id, third party platform identifiers and account details (e.g., PlayStation®, Xbox, Steam, Facebook), and other online or unique identifiers)
  • Providing our Services and related support

  • Protecting the integrity of the Services

  • Analyzing and improving the Services and our business

  • Personalizing the Services

  • Advertising, marketing and promotional purposes

  • Securing and protecting our business

  • Defending our legal rights

  • Auditing, reporting, corporate governance, and internal operations

  • Complying with legal obligations
Paper and electronic customer records (e.g., your account and profile, which contains personal information, such as username, name, demographics and other characteristics or descriptions, email, address, telephone number, and other contact information, account credentials, communications preferences, and customer service and support tickets and other records)
Purchase history and tendencies (e.g., information about your subscriptions current and past payments and purchases, and your purchase tendencies)
Usage data (e.g., usage and preference details related to your use of the Services, such as language, in-game purchases, game-play statistics, scores, persona, characters, achievements, rankings, time spent playing, click paths, game profile, preferences and friends)
Geolocation data (e.g., for mobile games users)
Audio, video and other electronic data (e.g., call recordings of customer support calls, and User photos submitted to the Services)
Profiles and inferences (e.g., profiles based on your account and activities, that reflect your preferences, characteristics, and abilities related to the Services)
ESRB Privacy certification. ZeniMax values the importance of your privacy and has received the ESRB Privacy Certification. ZeniMax is a valid licensee, and participating member of the Entertainment Software Rating Board's Privacy Certified Program (“ESRB Privacy Certified”). All Services where this Policy is posted and which display an ESRB certification seal have been reviewed and certified by ESRB Privacy Certified to meet established online information collection, use and disclosure practices. As a licensee of this privacy program, we are subject to audits of our Services and other enforcement and accountability mechanisms administered independently by the ESRB.
Individual rights. Please see Section 12. User Rights and Choices below for a description of the choices we provide and the rights you have regarding your personal information. If you are a California resident, please be sure to review Section 15.a. Additional information for California Residents below for important information about the categories of personal information we collect and disclose and your rights under California privacy laws. If you are in the European Economic Area, please see Section 15.b. Users in the European Economic Area for more information about your rights under the EU General Data Protection Regulation (GDPR).

Scope of Our Policy

Personal Information We Collect

Purposes of Use and Legal Bases for Processing of Personal Information

Disclosure and Sharing of Personal Information

Cookies, Analytics and Personalization

Interest-based Advertising

Third Party Links and Features

User Generated Content

Security of Your Information

Data Retention

International Transfers of Data

User Rights and Choices

Contact Details

Changes to this Policy

Additional Information for Users in Certain Jurisdictions

1. Scope of Our Policy

This Policy applies to the personal information that ZeniMax collects and processes about Users related to our Services, including games published by Bethesda Softworks and ZeniMax Online Studios, and games developed by other ZeniMax studios; more information about our studios is available at www.zenimax.com/studios. This Policy does not apply to any third party websites, services, products or mobile applications maintained by other companies, which are linked to from our Services.

By registering for an account with us, providing your information to us through the Services, or otherwise using any of our Services, you understand and acknowledge that ZeniMax may process your personal information in accordance with this Policy. If you do not want this Policy to apply to you, please do not use the Services or communicate with us via the Services. If required by applicable law, we will obtain your consent to our collection, use, transfer and disclosure of your personal information.

Personal Information. In this Policy, our use of the term "personal information" includes other similar terms under applicable privacy laws—such as "personal data" and "personally identifiable information." In general, personal information includes any information that identifies, relates to, describes, or is reasonably capable of being associated, or reasonably linked or linkable with a particular individual.

Not Covered by this Policy. This Policy does not apply to job applicants and candidates who apply for employment with us, or to employees and non-employee workers in the context of our working relationship with them.

2. Personal Information We Collect

The information we collect about Users varies depending upon the circumstances and the Services used.

ZeniMax collects personal information directly from Users, automatically related to the use of the Services, and in some cases, from third parties (such as social networks, platform providers, payment processors, and operators of certain third party services that we use).

Information We Collect From You. Generally, we collect your personal information on a voluntary basis. However, if you decline to provide certain personal information that is marked mandatory, you may not be able to access certain Services or we may be unable to fully respond to your inquiry. We collect the following personal information from you:

  • Registration and Profile Information. To access and use certain Services (e.g., to register a game, download or use a mobile application, access subscription-based Services, create an account) you may be required to register with us, by providing us with certain required information, which is identified on the registration page. Depending upon the Services you use, this may include your name, a username and password, as well as country of residence, email, and contact information; certain Services will not be available if you decline to provide required information. We may also ask you or allow you to submit certain optional information, which may include your phone number, birthdate, location, preferences, a photo or avatar, and other profile information.

  • Purchases and Payments Information. If you make a purchase or sign up for certain subscription-based Services, you are required to provide your payment information, including name, billing and shipping address and details, payment type, as well as credit card number or other payment account details (e.g., PayPal). We work with third parties like payment processors and fulfillment partners to process these payments. We do not collect, receive, process or store credit card or debit card numbers, or other third-party payment account credentials (e.g., PayPal); this information is collected directly by these third parties. Depending upon the Service, we may receive your username, name, email, the payment type, product(s) or service(s), and other transaction details, and maintain records of your purchase and subscription history.

  • Marketing, Contests and Promotions. Users can sign up online or in-person (e.g., at tradeshows, conferences and the like) to receive direct marketing communications from us, including emails about game launches, developments, and upcoming releases. If you agree to receive direct marketing communications from us, we collect your email address, and we may also collect your name, preferences, and if relevant, information about your account and the Services and other games you use. We may also run contests, sweepstakes or other events or activities (collectively, "events") on our websites and social media channels. Information collected for these events may include your name, age, email address, and other information.

  • Your Communications. When you email us, call us, or otherwise send us communications regarding the Services, we collect and maintain a record of your contact details, communications and our responses. We may also maintain records of the in-game communications and information that you post in chat sessions, forums, and in other areas of the Services.

Information We Collect and Receive From Third Parties. We may collect and receive personal information about you from third parties, such as:

  • Third Party Platforms. You may be able to login through or connect certain third party accounts (each a " Third Party Account")—such as Steam, Twitch, Xbox Live, PSN and Facebook—to your account with us. These Third Party Accounts are operated and managed by third parties (each a "Third Party Platform"), and subject to the respective terms and conditions of each Third Party Platform. When you link a Third Party Account to use our Services, you may be able to connect and interact with and share game information with your friends and network from that Third Party Account, and, in some cases, you may be able to make purchases through or earn rewards (subject to applicable program terms) from that Third Party Account. In addition, we also may allow you to login to certain Services through Third Party Accounts, such as Google/Stadia (https://stadia.google.com/privacy), Steam (https://store.steampowered.com/privacy_agreement/) and Facebook (facebook.com/about/privacy/). If you choose to login this way, you are asked to share certain information with us (which may include name, email, friends and public profile information); the specific information and whether it is required or optional is stated on the permissions page when you log in with the Third Party Account.

  • Third Party Sites and Services. We also may use third party tools to help us manage and analyze our social media presence, and report on comments, mentions and other content that is posted about us on Third Party Platforms and other social media sites, other public channels and forums. The information collection and sharing practices of these third parties are subject to their respective terms and conditions and privacy policies.

  • Identifiers. When you access, play or use our Services through a Third Party Platform, we may collect or receive your registered email address and console identifier(s) (e.g., XUID and PUID), as well as IP address, MAC address, and other device identifiers.

Information We Collect About Your Usage and Activities. We collect personal information about how you use the Services and interact with us and others, such as information we collect automatically (e.g., using cookies and pixel tags), as well as information we derive about you and your use of the Services. Such information includes:

  • User IDs. We assign account holders an unique user identifier, which we use to identify and link relevant information to your activities within the Services (e.g., in-game information such as statistics, scores, achievements and subscription levels). Some of our games also may allow Users to play without creating an account and/or registering with us. In such cases, we may assign you a guest user ID so that we can keep track of your game play, scores, stats, purchasing data and usage data for your current and future sessions. If you later decide to register or create an account with us, we may associate your guest ID and the data from your guest session(s) with your account.

  • Your Activities, Stats, Friends and Preferences. We collect usage and preference details related to your use of the Services, such as language, in-game purchases, game-play statistics, scores, persona, characters, achievements, rankings, time spent playing, click paths, game profile, preferences, friends (including friend relationships through, for example, the creation of clans) and other data that you provide to us as part of your account.

  • Other Automatically Collected Information. We also may automatically or indirectly collect information about you, your computer or mobile device (such as when you use our Services, read our emails, through social media channels). We (and our third-party providers) may record log files and use cookies, pixel tags, local shared objects, java script, and other mechanisms to collect this information about you. For more information, see Section 5. Cookies, Analytics and Personalization below.

Children. ZeniMax does not knowingly request or collect personal information from children younger than 13 years of age. If you believe that we have collected personal information from a child under 13, please contact us as set forth in Section 13. Contact Details, below, and we will take action as necessary to securely delete such information.

3. Purposes of Use and Legal Bases of Processing for Personal Information

While the purposes for which we may process personal information will vary depending upon the circumstances, in general we use personal information for the purposes set forth in this section. In this section, we also explain the legal bases for which we process personal information about Users, as required by the EU General Data Protection Regulation (the "GDPR").

Legal Bases for Processing. Pursuant to the GDPR (and other relevant laws), in general, we process your personal information for the following legal bases:

  • Performance of our contract with you: The personal information we collect may be used to perform our agreements with you, including our Terms of Use, Code of Conduct and other terms and conditions applicable to the Services you use.

  • To comply with a legal obligation to which ZeniMax is subject: The personal information we collect may be processed in order to comply with the law and our legal obligations.

  • For our legitimate business interests. We may process personal information in furtherance of our legitimate business interests in protecting, maintaining and improving the Services; developing new games, features and services; marketing and promoting our Services (including by profiling and marketing to Users); protecting our legal rights and interests; in support of mergers, acquisitions, reorganizations and other business transactions; and to generally operate and improve our business.

  • With your consent. We may process personal information about you based on your consent, for example (where required by law) to send you marketing communications, surveys, news, updates and other communications. In addition, where required by applicable law, ZeniMax will obtain your consent to this Policy and our collection, use and disclosure of your personal information. Users may be able to withdraw their consent at any time in accordance with applicable laws; please see Section 12. User Rights and Choices below for information on how to withdraw your consent.

Purposes of Use and Processing. While the purposes for which we may process personal information will vary depending upon the circumstances, in general we use personal information for the purposes set forth below. Where GDPR or other similar laws apply, we have set forth the legal bases for such processing (see above for further explanation of our legal bases) in parenthesis.

  • Providing our Services and related support: including to operate the Services; to administer contests, programs and promotions; to communicate with Users about their access to and use of our Services; to respond to User inquiries; to fulfil User orders and requests; to process payments; to provide troubleshooting and other technical support; and for other customer service and support purposes. (Legal basis: performance of our contract with you; and for our legitimate business interests)
  • Protecting the integrity of the Services: including to verify your identity; to detect and prevent fraud and unauthorized activities; to facilitate software updates; to secure of our systems and the Services; to prevent hacking, cheats and spamming; to enforce our Terms of Use, Code of Conduct, and other applicable terms; and to protect the rights and safety of Users. (Legal basis: performance of our contract with you; compliance with laws; and for our legitimate business interests)
  • Analyzing and improving the Services and our business: including to better understand how Users access and use our Services; to evaluate and improve the Services and our business operations; to develop new games, features, offerings and services; to conduct surveys and other evaluations; and for other research and analytical purposes. (Legal basis: our legitimate business interests)
  • Personalizing the Services: including to tailor content we send or display on our websites and other Services (e.g., for your geographic area); to offer personalized help and instructions; to tailor your gameplay experiences; and otherwise personalize your experiences with the Services. (Legal basis: our legitimate business interests)
  • Advertising, marketing and promotional purposes: including to send or display targeted marketing; to reach you with more relevant ads and to evaluate, measure and improve the effectiveness of our ad campaigns; to send you newsletters, offers or other information we think may interest you; to contact you about our Services or information we think may interest you; and to administer promotions and contests. Where required by applicable law, we will obtain your consent to use your personal information for marketing and related purposes. (Legal basis: our legitimate business interests and/or with your consent)
  • Securing and protecting our business: including to protect and secure our business operations, assets, Services, network and information and technology resources; to investigate, prevent, detect and take action regarding fraud, unauthorized access, situations involving potential threats to the rights or safety of any person or third party, or other unauthorized activities or misconduct (Legal basis: our legitimate business interests and/or compliance with laws)
  • Defending our legal rights: including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with Users or third parties. (Legal basis: our legitimate business interests and/or compliance with laws)
  • Auditing, reporting, corporate governance, and internal operations: including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions; to maintain appropriate business records; to enforce company policies and procedures; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy or restructuring of all or part of our business. (Legal basis: our legitimate business interests and/or compliance with laws)
  • Complying with legal obligations: to comply with applicable legal or regulatory obligations, including as part of a judicial proceeding; to respond to a subpoena, warrant, court order, or other legal process; or as part of an investigation or request, whether formal or informal, from law enforcement or a governmental authority. (Legal basis: our legitimate business interests and/or compliance with laws)

4. Disclosure and Sharing of Personal information

ZeniMax may disclose your personal information as follows, and we will obtain your consent to do so where required by applicable law:

Service Providers and Processors. We may engage vendors, agents, service providers, and affiliated entities to provide services to us or to Users on our behalf, such as support for the internal operations of our websites, online stores (including payment processors), products (such as our games) and services (e.g., forum operations, and technical support processing), as well as related offline product support services, data storage and other services. In providing their services, they may access, receive, maintain or otherwise process personal information on our behalf. Our contracts with these service providers do not permit use of your personal information for their own marketing and other purposes.

ZeniMax Group Companies. Your personal information may be processed by members of ZeniMax Group companies (see www.zenimax.com/legal_information) for purposes of assisting us to market our Services and games, analytics, research and demographic studies, development, and to help us improve and tailor the Services we provide. If you have consented, we may also share your personal information so that they may contact you about other products and services offered by ZeniMax affiliates as set forth in Section 12. User Rights and Choices below. Our subsidiary or affiliate companies are subject to this Policy when they use your personal information.

Legally Required. We may also disclose your personal information if we believe we are required to do so by law, or that doing so is reasonably necessary to comply with legal processes; when we believe necessary or appropriate to disclose personal information to law enforcement or other governmental or regulatory authorities or the courts (in any relevant jurisdiction worldwide), such as to investigate actual or suspected fraud or violations of law, breaches of security, or breaches of this Policy; to respond to any claims against us; and, to protect the rights, property, or personal safety of ZeniMax, our customers, or the public.

Corporate Transaction. In addition, your personal information may be disclosed as part of any proposed or actual merger, sale, and transfer of ZeniMax assets, acquisition, bankruptcy, or similar event.

With Consent. We may also disclose your personal information to any other affiliated or third parties where you have consented or requested that we do so.

Notwithstanding anything else in this Policy, we may share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual and the individual cannot be re-identified.

5. Cookies, Analytics and Personalization

We and our third-party providers use cookies, clear GIFs/pixel tags, JavaScript, local storage, log files, and other mechanisms to automatically collect and record information about your browsing activities, gaming performance and use of the Services. We may combine this "activity information" with other personal information we collect about you. Generally, we use this activity information to understand how our Services are used, track bugs and errors, provide and improve our Services, establish matchmaking, verify account credentials, allow logins, track sessions, prevent fraud, and protect our Services, as well as for targeted marketing and advertising, to personalize content and for analytics purposes (see Section 12. User Rights and Choices below for information about opting-in out of certain uses of your personal information).

Below, is a summary of these activities. For more detailed information about these mechanisms and how we collect activity information, see our Cookie Policy, which applies to our sites that display or link to this Cookie Policy, available at https://bethesda.net/document/cookie-policy.

Log Files. We collect certain activity information from log files. Log file information is automatically reported by your browser or mobile application to our servers when you access our Services. We record certain information from these log files, including web requests, IP address, browser type and version, language information, referring and exiting URLs, links clicked, pages viewed and other similar information.

Cookies. Are small files with a unique identifier that are transferred to your browser through our websites. They allow us to remember Users who are logged in, to understand how Users navigate through and use our Services, and to display personalized content and targeted ads (including on third party sites and applications).

Clear GIFs, pixel tags and web beacons. These are tiny graphics with a unique identifier, similar in function to cookies that we use to track the online movements of Users of our Services and to personalize content. We also use these in our emails to let us know when they have been opened or forwarded, so we can gauge the effectiveness of our communications.

Anti-Cheat and Fraud Prevention Technologies. We use "anti-cheating" and fraud prevention tools or applications, which may collect information about your browser, device and activities within the Services, to detect and prevent fraud and cheating.

Analytics Tools. We may use internal and third-party analytics tools (see our Cookie Policy at https://bethesda.net/document/cookie-policy for a list of third parties) to collect and aggregate activity data and other data across multiple channels.

Do-Not-Track signals. Please note that our Websites do not recognize or respond to any signal which your browser might transmit through the so-called 'Do Not Track' feature your browser might have. If you wish to disable cookies on our Services, you should not rely on any 'Do Not Track' feature your browser might have.

6. Interest-based Advertising

We work with third party ad networks, channel partners, measurement services and others ("third party ad companies") to display advertising within our Services, including third-party advertising, and to manage our advertising on third party sites, mobile apps and online services. We and these third party ad companies may use cookies, pixels tags, and other tools to collect activity information on our Services (as well as on third party sites and services), as well as IP address, device ID, cookie and advertising IDs, and other identifiers, general location information; we and these third party ad companies use this information to provide you more relevant ads and content within our Services and on third party sites and apps, and to evaluate the success of such ads and content. See our Cookie Policy (https://bethesda.net/document/cookie-policy) for more details about the third party ad companies we work with and first and third party tags used on the Services and on third party sites and apps.

Ad Choices. You may control how participating third party ad companies use the information that they collect about your visits to our websites and use of our mobile applications, and those of third parties, in order to display more relevant targeted advertising to you; for more information and to opt-out of receiving targeted ads from participating third-party ad networks go to:

Opting out of participating ad networks does not opt you out of being served advertising. You may continue to receive generic or "contextual" ads on our Services. You may also continue to receive targeted ads on other websites, from companies that do not participate in the above programs.

Custom Lists and Matching. Unless you have opted out, we may share certain hashed customer list information (such as your name, email address and other contact information ) with third parties—such as Facebook and Google—so that we can better target ads and content to our Users, and others with similar interests, within their services. These third parties use the personal information we provide to help us target ads and to enforce their terms, but we do not permit them to use or share the data we submit with other third-party advertisers. You may opt out of this as set forth below, in Section 12. User Rights and Choices.

7. Third Party Links and Features

Our Services may contain links to third party sites that are not owned or controlled by ZeniMax. We are not responsible for the collection and use of your information by these third-party sites. We recommend that you read the privacy notice of the website to which you link before you submit any personal information.

In addition, our Services may include or incorporate social media and other third-party features (e.g., widgets, buttons, and plugins), which are operated by third party platforms and networks such Facebook, Steam, Twitch, Twitter, Instagram, YouTube, and others. These features are hosted by the respective third-party operator even though they appear on our Services, and subject to your cookie preferences or when using third-party features the third party may collect your IP address, URL, date and time stamp, browser details and the like, subject to their own privacy policies.

8. User Generated Content

You may choose to disclose information (including personal information) about yourself in the course of contributing user generated content to ZeniMax Services such as forums. Information that you disclose in any of these forums is unencrypted public information, and may be accessed by members of the public, who are not subject to this Policy. In addition, when you enter certain public areas of our Services, your username and other public profile information may be viewable by others. You should have no expectation of privacy as to any information you post or display in our forums or games, or in your profile, or that you otherwise make available on our or through our Services.

9. Security of Your Information

The security of your personal information is important to us. ZeniMax takes steps to protect against possible breaches of our Services and the personal information we maintain. However, no website or Internet transmission is completely secure. Thus, ZeniMax cannot and does not guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. We urge you to take steps to keep your personal information safe, such as choosing a strong password and keeping it private, enabling multifactor authentication (where available), as well as logging out of your User account, and closing your web browser when finished using the Services.

10. Data Retention

We will retain your personal information as long as necessary for purposes for which the personal information was collected and is used by us, as stated in this Policy. If you wish to cancel your account or request that we no longer use your personal information to provide the Services to you please contact us as set forth below, in Section 13. Contact Details. However, if you withdraw consent or otherwise object to our collection, use and disclosure of your personal information, you may not be able to use the Services. Further, to the extent permitted by applicable law, we will retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements.

11. International Transfers of Data

ZeniMax is headquartered in the United States, and has operations, entities and service providers in the United States and throughout the world. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions (including the United States and other jurisdictions where we, our affiliates and service providers have operations) that do not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.

Users in the European Economic Area (EEA): Your personal information may be transferred to and processed in the United States and other jurisdictions that do not provide equivalent levels of data protection according to the European Commission. In such cases, ZeniMax will take steps to ensure that appropriate safeguards are in place to protect your personal information, including by putting in place standard contractual clauses as approved by the European Commission (the form for the standard contractual clauses can be found at http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm).

12. User Rights and Choices

ZeniMax gives Users several easy-to-use ways to access, amend and exercise their choices and rights regarding their personal information.

Marketing Preferences. You may change your email preferences and opt out of marketing communications through the Marketing Preferences tab in your account profile.

  • Marketing Emails. You can opt out or change your preferences for marketing emails in the Marketing Preferences tab of your account profile. You may also opt out by using the unsubscribe option in each marketing email we send to you. If you opt out of direct marketing communications, we may to the extent permitted by applicable law still send you non-promotional communications, such as those about your account or our ongoing business relations. For example, if our service is temporarily suspended for maintenance, r your payment could not be processed, we might send you an email.
  • Custom Lists and Matching. You can opt out of being included in Custom Lists and Matching campaigns by us, by updating your Marketing Preferences in your account profile.

Push Notifications. In some of our mobile Services, we may send push notifications from time-to-time in order to update you about the game, events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level.

Remove Content. If you wish to request removal of any User content you have posted, please contact us as set forth below, in Section 13. Contact Details.

Access, Amendment and Deletion. Registered Users may review and update their profile information and communications preferences directly within their account. If you would like us to delete your personal information, you may contact us to delete your account. Please contact ZeniMax Privacy as set forth below, in Section 13. Contact Details, to exercise your rights or make a request regarding your personal information.

Submitting a Privacy Request. Privacy requests should be directed to the ZeniMax Media Inc.'s privacy team as set forth below in Section 13. Contact Details. Please keep in mind that certain Services will not be available if you withdraw your consent, or otherwise delete or object to our processing of certain personal information. We will respond to your request in accordance with applicable law, and we will inform you if we do not intend to comply with your request.

California residents have certain rights, under California privacy laws, regarding their personal information, which are set forth below, in Section 15. "Additional Information for California Residents".

Individuals in the EEA have certain rights, under the GDPR, regarding their personal information, which are set forth below, in Section 15. "Additional Information for Users in the EEA" .

13. Contact Details

The controller for your personal information is ZeniMax Media Inc.,1370 Piccard Drive, Rockville, MD 20850 USA. In addition, for purchases made by Users in the EEA, ZeniMax Europe Ltd., Reg. No. 06333300, Haymarket House, 29-29 Haymarket, London SW1Y 4SP, is also a controller for your transaction data. This Policy applies to both ZeniMax Media Inc. and ZeniMax Europe Ltd., and data subjects may exercise their rights with respect to their EEA transaction data with both entities by contacting ZeniMax Media Inc. as set forth below.

If you have any questions, complaints or comments regarding our Policy or practices, please submit a request at:

https://help.bethesda.net/app/incident10/?prod=711&cat=1220 (Bethesda Users), or

https://help.elderscrollsonline.com/app/incident/?category=1220 (The Elder Scrolls Online Users).

You may also contact us via email or mail:

[email protected]

ZeniMax Media Inc.
1370 Piccard Drive
Rockville, Maryland 20850 USA
Attn: ZeniMax Customer Service/Privacy

ZeniMax Media Inc. has appointed its subsidiary ZeniMax Europe Limited: Haymarket House, 28-29 Haymarket, London SW1Y 4SP, United Kingdom as its representative office for purposes of the GDPR.

As previously mentioned, we are a member of ESRB's Privacy Certified Program. If you believe that we have not responded to your inquiry or your inquiry has not been satisfactorily addressed, please contact ESRB Privacy Certified at https://www.esrb.org/privacy/contact/ or:

ESRB
Attn: VP, Privacy Certified Program
420 Lexington Avenue, Suite 2240
New York, NY 10170 USA

[email protected]

14. Changes to this Policy

This Policy is current as of the Last Updated set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Services. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change, such as by highlighting the change on website or sending you an email, and giving you additional choices regarding such change prior to the material change becoming effective.

15. Additional Information for Users in Certain Jurisdictions

a. Additional Information for California Residents.

Below, we provide information, as required under California privacy laws, including the California Consumer Privacy Act ("CCPA"), which requires that we provide California residents certain specific information about how we handle their personal information, whether collected online or offline. This section does not address or apply to our handling of publicly available information made lawfully available by state or federal governments or other personal information that is subject to an exemption under Section 1798.145(c) – (f) of the CCPA.

Categories of Personal Information We Collect and Disclose. Our collection, use and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident. The table below sets out generally the categories of personal information (as defined by the CCPA) about California residents that we collect, sell, and disclose to others for a business purpose. We collect these categories of personal information from the sources described above, in Section 2. Personal Information We Collect, and for the purposes described above, in Section 3. Purposes of Use Purposes of Use and Legal Bases for Processing of Personal Information.

Categories of personal information Do we collect? Do we disclose for business purposes?
Name, Contact Info and other Identifiers: identifiers such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. Yes Yes
Customer Records: paper and electronic customer records containing personal information, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial or payment information, medical information, or health insurance information. Yes Yes
Purchase History and Tendencies: commercial information including records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies. Yes Yes
Usage Data: internet or other electronic network activity information, including, but not limited to, browsing history, clickstream data, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, including access logs and other activity information related to your use of any company websites, applications or other online services. Yes Yes
Geolocation Data: precise geographic location information about a particular individual or device. Yes Yes
Audio, Video and other Electronic Data: audio, electronic, visual, thermal, olfactory, or similar information such as, CCTV footage, photographs, and call recordings and other audio recording (e.g., recorded meetings and webinars). Yes Yes
Profiles and Inferences: inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. Yes Yes

Categories of Personal Information Sold. The CCPA defines a "sale" as disclosing or making available to a third party personal information in exchange for monetary or other valuable consideration. While we do not disclose personal information to third parties in exchange for monetary compensation from such third parties, we do disclose or make available personal information to third parties, in order to receive certain services or benefits from them. For example, we may allow third party tags to collect information such as browsing history through our Sites and Apps in order to better reach Users with relevant ads and to improve and measure our ad campaigns, or to display third party ads in our Services. Pursuant to the CCPA, the categories of Personal Information that we may "sell" as defined under the CCPA includes:

  • Name, contact information and other identifiers
  • Usage Data
  • Profiles and inferences

California Residents' Rights. California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.

Do-Not-Sell. California residents have the right to opt-out of our sale of their personal information. Opt-out rights can be exercised by going to https://bethesda.net/document/cookie-preferences. We do not sell personal information about residents who we know are younger than 16 years old.

Initial Notice. We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used. We will make this Privacy Policy available to Users online, in order to satisfy this requirement.

Requests to Delete. Subject to certain exceptions, California residents have the right to, at no charge, request deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies.

Request to Know. California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance. California residents also have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the:

  • categories of personal information collected;
  • categories of sources of personal information;
  • business and/or commercial purposes for collecting and selling their personal information;
  • categories of third parties/with whom we have disclosed or shared their personal information;
  • categories of personal information that we have disclosed or shared with a third party for a business purpose; and
  • categories of third parties to whom the residents' personal information has been sold and the specific categories of personal information sold to each category of third party.

California residents may make a Request to Know up to twice every 12 months.

Submitting Requests to Know and Delete. Requests to Know and Requests to Delete may be submitted:

We will respond to verifiable requests received from California residents as required by law.

Right to Non-Discrimination. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices, rates, or penalties on residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents' data.

Financial Incentives. A business may offer financial incentives for the collection, sale or deletion of California residents' personal information, provided it is not unjust, unreasonable, coercive or usurious, and is made available in compliance with applicable transparency, informed consent, and opt-out requirements. California residents have the right to be notified of any financial incentives offers and their material terms, the right to opt-out of such incentives at any time, and may not be included in such incentives without their prior informed opt-in consent; we do not offer any such incentives at this time.

You Rights Under California's Shine-the-Light Law. We do not share personal information collected online with unaffiliated third parties for their own direct marketing purposes and will not do so unless you agree to such disclosure. If you are a California resident and you still believe your information has been shared or you have general questions about how your information may have been shared, you may contact us by requesting a list of the third parties to which we have disclosed personally identifiable information about you for their own direct marketing purposes. You may make one request per year. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. You may request this information in writing by contacting us via the contact details set out in Section 13. Contact Details above.

For more information about our privacy practices, you may contact us as set forth above, in Section 13. Contact Details.

b. Additional Information for Users in the EEA

Below, we inform about other rights, including GDPR and similar applicable laws, that may apply to you. Subject to the conditions set out in the applicable law, Users in in the European Union/European Economic Area (and in other jurisdictions where similar rights apply) have the following rights regards our processing of their personal information:

  • Right of access. If you ask us, we will confirm whether we are processing your personal information and, if necessary, provide you with a copy of that personal information (along with certain other details).

  • Right to correction (rectification). If the personal information we hold about you is inaccurate or incomplete, you are entitled to request to have it corrected. If you are entitled to have information corrected and if we have shared your personal information with others, we will let them know about the rectification where possible.

  • Right to erasure. You can ask us to delete your personal information in some circumstances, such as where we no longer need it or if you withdraw your consent (where applicable). If you request that we delete your personal information, we may do so by deleting your account(s) with us.

  • Right to restrict (block) processing. You can ask us to restrict the processing of your personal information in certain circumstances, such as where you contest the accuracy of that personal information or you object to our use or stated legal basis.

  • Right to data portability. You have the right, in certain circumstances, to receive a copy of personal information we have obtained from you in a structured, commonly used and machine readable format, and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.

  • Right to object to marketing. You can ask us to stop processing your personal information to the extent we do so on the basis of our legitimate interests for marketing purposes. If you do so, we will stop such processing for our marketing purposes.

  • Right to object. Where our processing is on the basis of our legitimate interests (other than marketing purposes), we must stop such processing unless we have compelling legitimate grounds that override your interest or where we need to process it for the establishment, exercise or defense of legal claims. Where we are relying on our legitimate interests (other than marketing), we believe that we have a compelling interest in such processing, but we will individually review each request and related circumstances.

  • Rights not to be subject to automated decision-making. You have the right not to be subject to a decision when it is based on automatic processing if it produces a legal effect or similarly significantly affects you, unless it is necessary for entering into or performing a contract between us. ZeniMax does not engage in automated decision-making.

  • Right to withdraw your consent. In the event your personal information is processed on the basis of your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

  • Right to lodge a complaint. You also have the right to lodge a complaint with a supervisory authority if you consider that our processing of your personal information infringes the law.

Please note that some of these rights may be limited, such as where we have an overriding interest or legal obligation to continue to process the data. Please contact us using the information set out above, in Section 13. Contact Details, if you wish to exercise any of your rights or if you have any enquiries or complaints regarding the processing of your personal information by us.