Last updated: May 9, 2023
Thank you for choosing to be part of our community at CCG Lab (“company”, “we”, “us”, or “our”).
- What Types of Personal Information Do We Collect?
- How Do We Use Personal Information?
- How Do We Share Personal Information?
- How Do We Respond to ‘Do Not Track’ Signals?
- Your Privacy Choices
- Legal Bases for Processing (EEA and UK Individuals)
- EEA and UK Individuals’ Rights
- International Transfers of Data
- Children’s Privacy
- Change of Control
- Security and Data Retention
- Policy Changes
- Contact Information
What Types of Personal Information Do We Collect?
Information You Give Us. You may give us information by registering for an account, entering information through our online forms or surveys, purchasing or ordering physical or digital items or services, or contacting us by phone or email for information or customer service.
- User profile: We collect data when users create or update their user profile. This may include their name, birthdate, display or username and password, country, email, username or ID for other gaming platforms, and payment information (including related payment verification information).
- Commercial information: We may collect information about transactions made through the Services, or transaction identifiers.
- User content: We collect the information users submit when they contact customer support, provide ratings or otherwise contact us. This may include feedback, photographs, or other recordings collected by users.
Information Created During Your Use of Our Games and Services. We may collect information such as gameplay data or other in-game data during your use of our game.
The categories of information include:
- Payment data: We, or our payment processing providers, may collect payment data, including related payment verification data, from you in order to process in-game purchases.
- Device and log data: We may collect data about the devices used to access our Services, including the hardware models, device IP address, operating systems and versions, software, preferred languages, unique device identifiers, advertising identifiers, serial numbers, device motion data, and mobile network data.
- Communications data: We enable users to communicate with each other and us through the Services. To provide this service, we receive some data regarding the communications, including the date and time of the communications and the content of the communications. We may also use this data for customer support services (including to resolve disputes between users), for safety and security purposes, to improve our products and Services, and for analytics.
Information We Collect From Third Parties. If you access our Services through third parties (e.g., Facebook or Google or other gaming platforms), or if you share content from our Services to a third-party social media service, the third-party service will send us certain information about you if the third-party service and your account settings allow such sharing. The information we receive will depend on the policies and your account settings with the third-party service. We may also collect information from joint marketing partners and service providers.
How Do We Use Personal Information?
We use your personal information as follows:
- To provide you with the games or services on our platform, which involves buying, selling, or trading collectible cards and other collectible assets
- To process your transactions with our payment providers or platforms
- To market our products and/or services to you
- With respect to website cookies, to share with third-party marketing partners to provide tailored advertising on our Services and other websites that you may visit
- To analyze Services usage and improve the services offered
- For requesting feedback, market research, project planning, troubleshooting problems
- To provide you with employment opportunities
- For detecting and protecting against error, fraud or other criminal activity and respond to legal requests
How Do We Share Personal Information?
With Other Users During Your Use of the Services. We may share gameplay and other CCG Lab game-related data with other CCG Lab users during gameplay.
With Digital Content Stores. The Services are made available to download via third party platforms such as Xbox Live and PlayStation Network. We may disclose your personal information for the purposes of making the Services available and facilitating any in-game purchases.
Affiliates and Service Providers. We share your information with our third-party service providers and any subcontractors as required to offer you our products and services. The service providers we use help us to:
- run, operate and maintain our Services through third party platform and software tools;
- perform content moderation and crash analytics;
- run email and mobile messaging campaigns;
- perform game and marketing analytics;
- provide measurement services and target ads (you can opt out of these services at websites such as http://www.aboutads.info/choices and http://www.youronlinechoices.eu/);
- provide payment attribution; and,
- provide technical and customer support.
Aggregated Data. We may also aggregate or otherwise strip information of all personally identifying characteristics and may share that aggregated, anonymized data with third parties or publish it. This data does not personally identify you and helps us to measure the success of the Services and its features and to improve your experience. We reserve the right to make use of any such aggregated data as we see fit.
Third Party Links and Websites. Our Services may contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept liability for these policies. Please check these policies before you submit any data to these websites.
Disclosures Required by Law. We may be required to disclose your data in response to lawful requests by public authorities, including to meet law enforcement requirements. We may be under a duty to disclose or share your personal information in order to comply with any legal obligation, to enforce or apply our terms and conditions and other agreements, to protect our rights, property, or safety, or to protect the rights, property, or safety of others. This includes exchanging information with other companies and organizations for the purposes of fraud protection.
How Do We Respond to ‘Do Not Track’ Signals?
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. We do not recognize or respond to browser-initiated DNT signals, as the Internet industry is currently still working toward defining exactly what DNT means, what it means to comply with DNT, and a common approach to responding to DNT.
- Cookie settings in Chrome
- Cookie settings in Firefox
- Cookie settings in Microsoft Edge
- Cookie settings in Safari web and iOS
Personalized Advertising. We may also use targeted advertising cookies, such as Google Ads, to deliver tailored advertising on our Services and other websites that you may visit. You can learn more about how to control advertising cookies by visiting the Network Advertising Initiative’s Consumer Opt-Out link, the DAA’s Consumer Opt-Out link for browsers, or the DAA’s opt-out link for mobile devices. Please note that electing to opt-out will not stop advertising from appearing in your browser or applications and may make the ads you see less relevant to your interests.
Your Privacy Choices
You may have certain rights relating to your personal information, subject to local data protection laws. Please contact us using the contact details provided in the “Contact Information” section below if you would like to exercise your privacy rights.
Marketing Opt Out: We may use your personal information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe instructions provided in any email we send, or you can contact us using the contact details provided in the “Contact Information” section below. You will still continue to receive service-related messages concerning products and services you have purchased (unless we have indicated otherwise).
Push Notification Opt Out: We may send you notifications to your device. You can configure your device settings to turn off these notifications.
Exercising Your Privacy Rights. We have listed the privacy rights for several jurisdictions below, but we understand you may have additional rights in your jurisdiction. You may contact us directly at any time about exercising your data protection rights. We will consider your request in accordance with applicable laws.
Additional Disclosures for Certain U.S. State Residents
Certain state laws require that we detail the categories of personal information that we disclose for certain “business purposes,” such as to service providers that assist us with securing our services or marketing our products. We disclose the following categories of personal information for our business purposes:
- Personal information under California Civil Code section 1798.80;
- Commercial information;
- Internet activity information; and
- Inferences drawn from any of the above information categories. Sensitive categories of personal information include:
- Account log-in information;
- Financial account information.
Several jurisdictions grant state residents certain rights, including the right to access specific types of personal information, the right to correct inaccurate personal information, the right to learn how we process personal information, the right to know whether and how we disclose or sell personal information, the right to opt out of any sale of personal information, the right to request deletion of personal information in certain circumstances, the right to limit our use of your sensitive personal information, and the right not to be denied goods or services for exercising these rights.
To make such a request, please contact us using the contact details listed in the “Contact Information” section below.
Limit the Use of My Sensitive Personal Information. We do not use or disclose sensitive personal information for any purpose other than providing our goods and services to you, or as otherwise permitted under applicable law.
Authorized Agents. If you are an authorized agent wishing to exercise rights on behalf of a state resident, please contact us using the information in the “Contact Information” section below and provide us with a copy of the consumer’s written authorization designating you as their agent. We may need to verify your identity and place of residence before completing your rights request.
Third Party Marketing. California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information to third parties for the third parties’ direct marketing purposes. We do not disclose your personal information to third parties for the third parties’ direct marketing purposes.
Legal Bases for Processing (EEA and UK Individuals)
If you are from the European Economic Area or United Kingdom, our legal bases for collecting and using your personal information is as follows:
- The performance of your contract or to enter into the contract and to take action on your requests. For example, the processing of your account registration, providing information on your transactions, or facilitating the transfer of services or products that you purchased, whether digital or physical in nature.
- Our legitimate business interests. For example, fraud prevention, maintaining the security of our network and services, direct marketing to you, and improvement of our services.
- Compliance with a mandatory legal obligation. For example, accounting and tax requirements, which are subject to mandatory retention periods. We may also collect your personal information to record your requests to exercise your rights and to verify your identity for such requests.
- Consent you provide where we do not rely on another legal basis. Consent may be withdrawn at any time.
- In some limited cases, we may also have a legal obligation to collect personal information from you, in response to lawful requests by public authorities, including to meet law enforcement requirements, as described above in “How Do We Share Personal Information?”
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided in the "Contact Information" section below.
EEA and UK Individuals’ Rights
If you are from the European Economic Area or United Kingdom, you have the right, under certain circumstances, to:
- Access your personal information;
- Correct inaccurate personal information;
- Request erasure of your personal information without undue delay;
- Request the restricted processing of your personal information;
- Request portability of the personal information that you have given us; and
- To object to the processing of your personal information.
If you are from the European Economic Area, you also have the right to lodge a complaint with a supervisory authority, under certain circumstances.
You may contact us using the contact details provided in the “Contact Information” section below for more information or to exercise your rights.
International Transfers of Data
Any data that you provide to us may be accessed, shared or processed by our offices, located in the United States, and service providers located in the United States, if such data transfer is necessary for the specific purpose for which you submitted your data (such as the provision of goods or services under a written contract).
This may entail a transfer of your personal information across international borders. The data protections standards may differ and be lower than the standards enforced in your jurisdiction.
We maintain appropriate safeguards as required by applicable law for any personal information transferred internationally.
The Services are not directed at individuals under the age of 13 We do not knowingly collect personal information from children under 13 without verifiable parental consent or as permitted by law. If you become aware that a child under the age of 13 has provided us with personal information without their consent or the verifiable consent of their parent or guardian, please contact us using the contact details provided in the “Contact Information” section below, and we will take steps to delete such information.
Change of Control
Personal information may be transferred to a third party as a result of a sale, acquisition, merger, reorganization or other change in control. If we sell, merge or transfer any part of the business, part of the sale may include your personal information.
Security and Data Retention
We implement a variety of security measures to maintain the safety of your personal information when you enter, submit, or access your personal information. For example, when possible, we use encryption to transfer and store data. We further limit access to this data using access controls and confidentiality commitments.
However, no website, application, or transmission can guarantee security. Thus, while we have established and maintain what we believe to be reasonable procedures to protect the confidentiality, security, and integrity of personal information obtained through the Services and Apps, we cannot ensure or warrant the security of any information you transmit to us.