Castle of Blackwater:
- Account Creation: For setting up your account, we require your chosen username, IP address, and email address.
- Linking to Other Game Platforms: To connect your account with other gaming platforms, we utilize your username and online IDs. In certain instances, your IP address and email address may also be used.
- In-Game Purchases: When you make purchases within the game, we might collect additional personal details to complete these transactions, including your name, physical address, and payment details.
- Customer Support Interaction: Should you contact us directly for assistance, the information you provide will be used to address and resolve the issue you’ve encountered.
- Data Privacy Commitment: We do not gather sensitive data such as your precise geolocation. Additionally, we neither sell nor share your personal information for advertising or profiling.
- Caution Against Sharing Private Information: We advise against including private details in your username or chat messages. While we do not save such information, other users might record or utilize it.
Online Purchases: When you make a purchase on our website, we require your name, mailing address, phone number, email address, payment details, and your order history to process and complete your orders.
Marketing Newsletter Subscription: By subscribing to our marketing newsletter, we will utilize the email address you submit for sending you the newsletter.
Direct Inquiries: In instances where you contact us directly, the information you provide will be used to assist in resolving any issues or queries you have.
Castle of Blackwater B.V., a company incorporated in the Netherlands with limited liability status (“we,” “us”, “our team,” “the company,” and similar terms), offers a range of online services. This includes our primary website, www.castleofblackwater.com, along with all its subdomains (referred to together as the “Website”), our video game titled “Castle of Blackwater” (hereafter, the “Game”), and various other digital services. These, combined with the Website and the Game, are collectively known as the “Services.”
1. Coverage of This Policy:
This Policy does NOT extend to any information that you may provide to third parties or that may be collected by third parties, except as specifically addressed in subsequent sections.
By engaging with our Services, you affirm your comprehension of the English language to a degree that ensures your understanding of this Policy. If you have any questions or need clarification regarding this Policy, please feel free to reach out to us. You can email us at firstname.lastname@example.org or send your inquiries by post to Castle of Blackwater, De Nieuwe Erven 12, 5431NT, Cuijk, Netherlands.
2. What categories of Personal Information do we collect?
Our collection of information, including Personal Information, varies based on your interaction with our Services. We define “Personal Information” as data that identifies or can be used to identify a natural person. Below are the categories of Personal Information we might collect. Note that some types of Personal Information may overlap across multiple categories.
- Full name
- Mailing address
- Unique identifiers such as account ID, support ticket ID, or IDs from third-party platforms
- IP address
- Information about your device, including device IDs
- Email addresses
- Details of payment methods
- Records of purchases and transactions
Internet or Other Similar Network Activity:
- Your interactions with our Website
- Details of your gaming activities
- General location data (not precise)
- Postal codes
- City names
- State or country information
- Data from publicly shared content in our Game, including public forums or our social media pages (like Discord, Twitch, TikTok, Twitter, Facebook, Instagram)
- Information you provide directly to us when contacting us or reporting an issue with our Services, including issues with other users
We do not deliberately collect or process any sensitive Personal Information.
Additionally, we may gather information that does not directly identify you but could be linked to your account. This non-identifying information may be used for any lawful business or operational purposes as permitted by applicable laws.
3. From what sources do we collect Personal Information?
Directly From You Your
We might gather your Personal Information when you directly supply it to us, as illustrated in the following examples:
- Account Creation: When setting up your account for our Game, we gather your username and email address.
- Public Interactions: In our Game or on our social media platforms (like Discord, TikTok, Twitch, Twitter, Facebook, Instagram), any information you publicly share is collected.
- Newsletter Subscription: Your email address is collected when you subscribe to our newsletter.
- Customer Support: If you reach out to us or report an issue with our Services, we collect details such as your email address, full name, and the content of your communications.
- Surveys and Questionnaires: We collect the responses and information you provide in these.
Automatically From You
From Third Parties
We also receive Personal Information from third-party sources aiding in providing or facilitating access to our Services, including:
- E-commerce and Merchandising Providers (e.g., Shopify Inc.): We may receive your name, address, email, phone number, purchase history, and payment details when you buy merchandise.
- Player Support Services (e.g., Zendesk, Inc.): Your email, support ticket ID, and correspondence records may be collected when you contact us or report a service issue.
- Digital Content Stores and Game Platforms (e.g., Epic Games, Steam, Google LLC, Microsoft Corp, Apple Inc.):
- When you integrate your account with our services, we might obtain your username from platforms like Epic Games, Steam, Google, Microsoft, and Apple, as well as your platform ID from Epic Games, Google, Microsoft, and Apple. Additionally, your Internet Protocol address and email address may be received from Apple.
- Should you buy in-game content or features post-account linkage, your purchase history could be sourced from Epic Games, Steam, Google, Microsoft, and Apple. Google may also provide us with your zip code, city, and state or country details.
- In instances where you invite friends to join our Game, their platform IDs from Epic Games, Steam, Google, Microsoft, and Apple might be shared with us.
- If you post a review of our Game in the Microsoft Store, we may collect information such as your device type, username, and country.
- When reaching out to Google for issues related to our Game, we might receive details like your purchase history, zip code, state or country, and city.
- For functionalities like displaying your friends list or accepting game invites, we may access the usernames of your friends from various platforms including Epic Games, Steam, Google, Microsoft, Apple, and Valve
- Payment Service Partners (e.g., Stripe, Spark): For in-game purchases, we may receive your email, geolocation, and payment information.
- Backend Service Providers (e.g., Epic Games, Inc.): Online and device IDs may be collected when you create an account.
- Analytic Service Providers (e.g., Unity Technologies): Online IDs are collected upon game installation.
- Diagnostic Service Providers (e.g., Sentry): Online IDs are collected, excluding Child Users.
- Wallet Connectors: When connecting a blockchain wallet to our website, we collect and store your public wallet address.
While we adhere to this Policy in using Personal Information provided by third parties, we do not control how these third parties collect or use your Personal Information. We recommend reviewing their privacy policies for more insights into their data handling practices.
4. How do we and third parties utilize cookies and other automatic data collection technologies?
Cookies are small files of data that are sent to and stored on your computer or mobile web browser. These enable both us and third parties to recognize your browser or mobile device and gather information about your use of our Services.
We employ cookies and similar technologies in our Services for the purpose of gathering Personal Information, as detailed in the examples below:
- Website Visits: When you access our Website, we might collect data about how you interact with it, including which pages you visit.
- Account Creation and Gameplay: In the process of setting up your account for our Game or during gameplay, your Internet Protocol address may be automatically collected.
- Customer Support Interactions: If you reach out to us or report an issue with our Services, we might collect your Internet Protocol address along with information about your device.
- In-Game Reporting: Should another user report you within the Game, we may automatically gather your chat logs and any previous sanctions.
Third-Party Cookies and Other Automatic Data Collection Technologies
In addition to our own, our Services also incorporate cookies and automatic data collection technologies from various third parties, as outlined below. These tools are instrumental in enhancing your user experience by allowing us to more effectively tailor our Services to your needs.
- Shopify Inc.: Our merchandise website utilizes Shopify, a service provided by Shopify Inc., based in Canada at 151 O’Connor Street, Ground floor, Ottawa, Ontario, K2P 2L8. Shopify employs automatic data collection tools to gather your Personal Information on our behalf, aiding in the enhancement of your experience on our merchandise website (like tracking your interactions and IP address). For a detailed understanding of Shopify’s data handling, you can consult its Cookies Policy.
- Unity Technologies: We engage Unity Analytics, a service from Unity Technologies SF at 30 3rd Street, San Francisco, CA 94103, and Unity Technologies Finland OY, Kaivokatu 8 B, 00100 Helsinki, Finland. Unity’s technologies collect Personal Information directly from your device to assist in analyzing your interaction with our Game. Unity’s Cookies Policy provides further details, including how to limit the collection of your data (such as purchase history, IP address, approximate geolocation, and gameplay specifics).
- Stripe (USA), Inc.: Our Game’s key purchases are facilitated using Stripe, a service by Stripe (USA), Inc. Stripe employs cookies to collect your Personal Information, aiding in transaction processes (such as capturing your IP address). Stripe’s privacy practices are detailed in its Cookies Policy.
- Spark: We use Spark for processing web3 payments. Spark may collect your personal information linked to your blockchain wallet or the details you provide during the sales process. Website.
Options Regarding Cookies
You have the ability to configure your browser settings to either reject all or certain browser cookies, or to notify you when cookies are being used. It’s important to be aware that if you choose to disable or decline cookies or other automatic data collection technologies, you might find that certain parts of our Services become unavailable or do not operate effectively.
5. What are the purposes for collecting your Personal Information?
Beyond the reasons already mentioned, we gather your Personal Information for the following purposes:
- To Enhance and Deliver Our Services: Your Personal Information is utilized to process your requests for accessing our Services and their various features, as well as to improve the overall quality of our Services. For instance, we might use your information to enhance the features of our Game.
- For Service Administration: We employ your Personal Information for any legitimate business or operational reasons related to the management of our Services. For example, if you contact us, we use your information to respond and address any issues you face with our Services.
- To Promote Our Services: We might use your Personal Information to market our Services to you. With your explicit consent, we could send you updates and news about our products and Services.
- In Case of Business Transfers: If our business undergoes a sale, merger, restructuring, bankruptcy, or other such events, your Personal Information may be part of the transferred assets.
- As Notified During Collection: There might be instances where we collect your Personal Information and simultaneously inform you about the specific purpose of that collection.
Lawful Basis for Data Collection
Our collection, usage, and storage of your Personal Information are grounded in lawful justifications, such as:
- Your explicit and informed consent, given voluntarily (for instance, when you opt into our newsletter);
- The necessity to fulfill a Service you have requested (like granting access to our Game);
- Our legitimate business interests, which do not infringe upon your privacy rights (such as responding to your queries);
- The need to safeguard your vital interests or those of others (for example, in situations critical for user safety or the safety of others).
6. Under What Circumstances Do We Share Your Personal Information?
We might share your Personal Information with third parties, like service providers or contractors, for business or operational reasons, or when we have your consent. In cases where Personal Information is shared for business or operational purposes, we establish a contractual agreement with the service provider or contractor. This agreement specifies the purpose of sharing and mandates the confidentiality of the information, restricting its use solely to the execution of the contract. Our service providers and contractors in this context include:
- Backend service providers, for instance, Epic Games, Inc.;
- E-commerce and merchandising service providers, such as Shopify Inc., Dual Wield Studio LLC, and Penny Arcade, Inc.;
- Player support and moderation service providers, including Keywords Studios Plc and ModSquad, Inc.
We may also share your Personal Information in the following scenarios:
- With our subsidiaries and affiliated entities;
- With our legal advisors, consultants, accountants, business advisors, and other similar professionals who are bound by confidentiality obligations to us;
- To a potential acquirer or other successor entity in the event of a corporate transaction such as a sale, merger, divestiture, restructuring, reorganization, dissolution, or any other transfer of some or all of our assets, whether as part of ongoing business operations or in connection with bankruptcy, liquidation, or similar proceedings, where Personal Information held by us about our Service users is among the transferred assets;
- To comply with legal obligations, such as court orders, laws, or legal processes, including responding to requests from government or regulatory bodies;
- To enforce any existing contract with you;
- When we believe that disclosure is necessary or appropriate to protect our rights, property, or safety, as well as that of our users or others; and
- If you have explicitly agreed to the disclosure.
We assure you that we do not sell, rent, or share your Personal Information for purposes such as cross-contextual behavioral advertising, automated decision-making, or profiling.
7. How Do We Safeguard Your Personal Information?
Our Approach to Data Retention, Purpose Limitation, and Security
We ensure the protection of your Personal Information through a blend of policies focused on collection, security, and retention.
- Purpose Limitation: Your Personal Information is used solely for the Services you engage with and for the purposes we have communicated to you, unless we receive your additional consent. We restrict our collection of Personal Information to what is necessary and relevant for these purposes.
- Security Measures: We implement reasonable security measures commensurate with the amount and nature of the Personal Information processed, considering our business’s size, scope, and type. These measures, which include contractual, technical, administrative, and physical safeguards, are designed to protect your Personal Information from unauthorized access, disclosure, use, and modification. This includes industry-standard encryption methods for transmitting Personal Information (like DTLS, TLS 1.2+, HTTPS) and secure hashing techniques for storing it (such as SHA256+Salt). We regularly review and update our security procedures to incorporate new technology and methods as needed. However, it’s important to note that no security system is infallible. In the event of a security breach, we are committed to informing regulatory authorities and any affected users within 72 hours of becoming aware of the breach, as mandated by applicable laws.
Your Responsibilities in Protecting Your Personal Information
Your actions and practices play a crucial role in safeguarding your Personal Information. It’s important for you to take proactive steps to ensure its protection, especially in what you choose to share within our Game. Consider the following guidelines:
- Avoid using your real name as your username.
- Refrain from disclosing your real name or any private details about yourself or others to fellow game users.
- Choose a password that isn’t easily guessable and keep it confidential.
Please be aware that we cannot control how other users might use the information you share in your communications, and we do not bear responsibility or obligation concerning the actions of other users.
8. Handling of Personal Information Transferred to the United States
Location of Operations
It’s possible that we process or store your Personal Information outside the country where it was initially collected or outside your country of residence. Our main business operations are based in The Netherlands. Therefore, for certain operational and processing activities as outlined in this Policy, we might transfer part or all of your Personal Information to The Netherlands.
Safeguards for International Transfers
In the process of moving Personal Information from foreign countries, we employ a range of protective measures to ensure the security of your data. These include the use of standard contractual clauses approved by the European Commission, along with other necessary measures as dictated by relevant laws. For any inquiries regarding the specific transfer mechanisms used for your Personal Information, please feel free to reach out to us.
9. Your Rights Regarding Personal Information
Access, Correction, Deletion, and Processing Restrictions
Under applicable laws, you are entitled to certain rights concerning your Personal Information, including:
- The right to access and modify your Personal Information. Often, you can manage your account information directly through your online account.
- The right to request the deletion of your Personal Information. Upon such a request, we will execute the deletion within 30 days after verifying your account, with possible extensions. We will retain only minimal information necessary to record your request and our compliance.
- The right to limit certain processing activities and to object to some processing methods of your Personal Information.
- The right to revoke your consent at any given time.
- The right to file a complaint about our handling of your Personal Information with a data protection authority in your country of residence or employment.
We will honor these requests in line with applicable laws. However, there are exceptions, such as when we have a legitimate overriding reason to retain your information (like fraud prevention) or when compliance with your request is not required due to legal constraints, such as inability to verify your identity or potential adverse effects on others’ rights and freedoms. Additionally, we may not fulfill requests deemed excessive.
Assistance with Your Privacy Concerns
For assistance in exercising any of the above rights or if you have questions about these rights, please contact us. You can email us at email@example.com with the subject “Privacy Request” or send your queries by post to Castle of Blackwater B.V., De Nieuwe Erven 12, 5431NT, Cuijk, Netherlands.
10. Additional Notice for California, Colorado, Connecticut, Utah, and Virginia Residents
California Online Privacy Protection Act
Applicable to Residents of California:
- Our Services do not monitor the activities of users over time across third-party websites or online services, hence we do not engage with Do Not Track signals. We are also not aware of any third parties that track the activities of users of our Services in this manner. It’s important to distinguish that Do Not Track is a separate privacy mechanism from the Global Privacy Control, which is a browser-based tool legally recognized for opting out of the processing of Personal Information for specific purposes.
California Shine the Light Law
Applicable to Residents of California:
- As a resident of California, you can request details from us about any sharing of Personal Information with third parties for direct marketing purposes that might have occurred in the previous calendar year. If you’re a California resident and want to inquire about our adherence to this law or our privacy practices, please send an email to firstname.lastname@example.org with the subject “California Shine the Light Law” or mail your request to Castle of Blackwater B.V., De Nieuwe Erven 12, 5431NT, Cuijk, Netherlands.
State Privacy Laws
For residents of California, Colorado, Connecticut, Utah, and Virginia (this Section 10 takes precedence in case of any conflict with other sections of this Policy):
- Right to Know and Access: As a resident of these states, you are entitled to request and receive specific information regarding how we collect and use your Personal Information. Upon verifying your consumer request, we will provide you with:
- The types of Personal Information we have collected about you;
- The sources from which your Personal Information was collected;
- The reasons for collecting, selling, or sharing your Personal Information;
- The categories of third parties to whom we have disclosed your Personal Information;
- The specific details of Personal Information we have about you, known as a data portability request;
- If applicable, two separate lists detailing (1) any sales of your Personal Information, specifying the types of Personal Information each recipient category purchased, and (2) any disclosures for business or operational purposes, specifying the types of Personal Information each recipient category obtained.
- Right to Deletion: You can request the deletion of your Personal Information that we have collected and retained, with some exceptions. After verifying your request, we will delete your Personal Information from our records and instruct our service providers and contractors to do the same, unless a legal exception applies. Your deletion request may be denied if retaining the information is necessary for us or our service providers or contractors to:
- Complete transactions, fulfill warranty terms, provide requested services, or perform our contract with you;
- Ensure the security and integrity of our Services;
- Debug to identify and repair functionality errors;
- Protect free speech rights or other legal rights;
- Comply with the California Electronic Communications Privacy Act;
- Conduct public or peer-reviewed research in line with ethics and privacy laws, where deletion would impede the research, provided you have consented;
- Enable internal uses aligned with your expectations and the context in which you provided the Personal Information;
- Fulfill a legal obligation.
- Right to Correction: You have the right to request correction of inaccurate Personal Information. Upon receiving and verifying your request, we will make reasonable efforts to correct inaccuracies, considering the nature and processing purposes of the Personal Information.
In exercising your privacy rights under applicable laws, we assure you that there will be no discrimination against you. In accordance with these laws, we will not:
- Refuse you access to our Services;
- Charge you different rates or prices for our Services, including altering discounts, benefits, or imposing penalties;
- Offer you a different standard or quality of our Services;
- or Imply that you might receive our Services at different rates or levels of quality.
Verifiable Consumer Requests
To action your rights as outlined above, you can contact us via email at email@example.com with the subject “State Privacy Rights” or send a postal request to Castle of Blackwater B.V., 5431NT, Cuijk, Netherlands. These requests can only be made by you or a person legally authorized to act on your behalf. A verifiable consumer request must:
- Provide enough information for us to reasonably verify that you are the person we collected Personal Information about, or a representative authorized by you; and
- Clearly describe your request so that we can understand, assess, and respond appropriately.
We are unable to fulfill your request or provide Personal Information if we cannot verify your identity or the authority of the request, and confirm the Personal Information pertains to you. Personal Information submitted in a verifiable consumer request will be used solely for the purpose of verifying the identity or authority of the requestor.
Response Timing and Format
Our goal is to address each verifiable consumer request within 45 days from the date of receipt. Should we need additional time, we will notify you in writing about the reason for the delay and the length of the extension period. For those with an account with us, our written response will be delivered to your account. If you do not have an account, we will send our response either by mail or electronically, based on your preference.
The information we provide will cover the 12 months preceding the verifiable consumer request, unless you specify a different timeframe for Personal Information collected after February 1, 2022. Our response will also include explanations for any inability to fulfill a request, where relevant.
To contest a decision about your verifiable consumer request, please submit an appeal through one of the aforementioned methods. Your appeal should detail your reasons for disagreeing with our decision. Within 60 days of receiving your appeal, we will respond in writing, detailing any actions taken or not taken, along with explanations for our decisions.
In the case of data portability requests, we will use a format that ensures the Personal Information is easily accessible, understandable, and capable of being transferred from one entity to another without complications.
We do not impose fees for processing or responding to your verifiable consumer request unless it is deemed excessive, repetitive, or clearly baseless. If we decide that a fee is applicable, we will explain the reasoning and provide a cost estimate before proceeding with your request.
11. Updates to This Policy
We may modify this Policy periodically in line with applicable legal requirements. When we update this Policy, we will revise the ‘Effective Date’ at the top of the document and provide additional notification, which may include an in-game announcement or an email alert.
12. Contacting Us
For any inquiries, feel free to reach out to us via email at firstname.lastname@example.org or send your questions by post to Castle of Blackwater, De Nieuwe Erven 12, 5431 NT, Cuijk, Netherlands.
Law enforcement agencies seeking Personal Information should email email@example.com with the subject “Law Enforcement Request” or mail their request to Castle of Blackwater, De Nieuwe Erven 12, 5431NT, Cuijk, Netherlands.