PRIVACY POLICY

Last updated: June 12, 2024

You are currently browsing a Guillemot Corporation S.A.  website (hereinafter the “Site”) and/or using a Guillemot user interface (hereinafter the “Interface”), in a section that includes legal information and the policy relating to the protection of privacy (hereinafter the “Policy”).

The privacy of users of the Site and the Interface (hereinafter “Users”, “User” or “you”) is of great importance to Guillemot Corporation S.A.  (hereinafter referred to as “Guillemot” or “we”). Guillemot is the data controller for personal data collected on or via the Site or the Interface. Guillemot has adopted this Policy to ensure that you are fully informed.

We encourage you to read this Policy to gain a better understanding of the scope of the expression “protection of privacy”. Some current or future areas or functionalities of the Site or the Interface that require the collection and use of information (e.g. for competitions) may have their own conditions or rules regarding the protection of privacy (and their own special terms of use). If you wish, you will be able to read these before inputting your information.

IF YOU ARE A MINOR, READ THIS PRIVACY POLICY CAREFULLY WITH YOUR PARENTS OR LEGAL REPRESENTATIVE.

Personal data consists of “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (excerpt from the Regulation of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to processing of personal data, commonly known as “GDPR”; Section 3 of the (UK) Data Protection Act of 2018 includes a similar definition).

Your personal data is collected and processed in accordance with lawful bases recognized by European regulations:

– On the basis of your consent;

– On the basis of legitimate interests;

– In connection with the execution of a contract or the intention to enter into a contract; and/or

– In order to comply with a legal obligation to which we are subject.

You have the right to ask Guillemot to let you access, correct or delete your personal data, to restrict the processing of data relating to the subject (you or your underage children), to object to the processing of your data and to request the portability of your data. Lastly, you have the right to define guidelines about what happens to your personal data after your death. We are required to notify you of the existence of these rights. However, it is not quite that straightforward: if we simply stated that these rights exist, you would not understand if you received a negative response to a request to exercise them. We therefore inform you that these rights are not applicable in every case. In particular, the right to delete your data does not apply if the lawful basis for processing is a legal obligation; the right to object does not apply if the lawful basis for processing is a contract or a legal obligation; and the right to portability does not apply if the lawful basis for processing is a legitimate interest or a legal obligation (in other words, portability only applies if the lawful basis for processing is either consent or a contract). However, in cases where one right is not applicable, other rights still apply. To exercise your rights over your personal data, use a link (such as “Contact” or “Support”) to our contact form; these links can be found either at the top or bottom of pages on the Site, or in the “Help” section at the top of pages on the www.DJUCED.com site (note that the support provided by our technical support department is not limited to technical support), or in the “Settings” section of the Interface. In cases where we have reasonable doubts about the identity of the person wishing to exercise one or more rights, we may ask for additional information to confirm their identity and we may suspend processing of the request until their identity has been confirmed.

To avoid excessively lengthy wording in our personal data collection forms (lengthy text is likely to hamper the readability of the whole, which would ultimately be to the detriment of both the information and your decision), the form provides you with some top-level information and refers you to this Policy for further information. Here you will find more details about the data we collect, data retention periods, data recipients, etc.

  1. WHAT PERSONAL DATA IS COLLECTED?

Personal data provided by the User: By using our online data collection forms, filling in fields and taking certain actions (e.g. uploading information), you are making an explicit decision to provide the corresponding personal data. Guillemot collects personal data in the following cases in particular: (1) through contact forms (including for chat); (2) upon member registration, if available on the Site or the Interface in question; (3) upon registration to take part in or apply to take part in a competition or product test, if available on the Site or the Interface in question; (4) upon the creation and use of a personal space or account, if available on the Site or the Interface in question; (5) upon subscription to one or more newsletters, if available on the Site or the Interface in question; (6) through online forums, if available on the Site or the Interface in question; (7) upon submission of a sponsorship application, if available on the Site in question; (8) upon a request to participate in an affiliate program, if available on the Site.

We will always ask you for your email address if you are doing anything other than simply reading the Site (e.g. subscribing to a newsletter) and we will determine whether or not this email address has been verified. The other information we may collect depends on how you use the Site or the Interface. We will usually ask you for your first and last names. Depending on the context, we may ask you for personal data such as your gender, marital status, date of birth, username, information about any products you own (both software and hardware), your address(es) (postal, billing and shipping), secondary email address, username (or nickname) on one or more social media, telephone number(s), fax number, comments, nationality, country of residence, language, and the information we need to create a list of your products (including product name, brand, serial number, reseller, purchase date and software version), software (including names and creation dates), games and social media (including type, name and, where applicable, your social media, nickname and ranking or score) and any accessories (including brand, type and name). N.B. We add the relevant contact type (customer, influencer, prospective customer, etc.) and the source from which you arrived at the Site or the Interface to a database (example sources include “eShop”, “Newsletter”, etc.). We determine whether you are a Thrustmaster customer, a Hercules customer, a DJUCED customer, an Ambassador and/or a VIP and we determine your status (“approved”, “pending”, etc.). If we have your date of birth, we use it to determine your age and the date of your next birthday. If you have been the subject of a marketing campaign, we determine the date of the last campaign, the outcome, and whether or not you have consented to receive marketing materials. We track your consent including the timing of when it was given, the subject (e.g. subscription to a particular newsletter) and the type of consent given. We track which method(s) of communication you have authorized. Where applicable, we collect additional personal details (e.g. your interests, the dates and/or times when you are happy for us to contact you, etc.). Where applicable, we track your attendance at events including their name, type, and scheduled start date and time.

We may also collect information about your shopping basket (i.e. any items you intend to purchase), discount codes, affiliate codes, orders, total value of orders, last order date, opinions about products and/or services, favorites (content, products and/or services), interaction with our customer service advisers and preferred communication channel. We create a list of your orders (including product names, references and types, shipping dates, order date, brand, total amount and status).

If you wish to participate in an activity or event that is covered by one or more contracts, we save precontractual representations (e.g. confirmation that you are of legal age and able to enter into contracts, read, understand and write correctly in one or more languages, etc.). If you participate in the activity or event in question, we save the contract between you and us.

If you wish to participate in an activity or event that requires you to meet certain criteria (e.g. a product test), we may collect information about your hardware and/or software setup.

If you participate in an activity or event, we may also collect information that you provide about yourself (to help us understand your feedback, for example by helping us determine whether or not your situation and/or your needs are specific to you), your participation in the activity or event (what you thought about it and any questions, comments, reports and answers about the activity or event, etc.).

If you introduce yourself to us, we may collect your bio, taste in music and/or video games, username (or nickname) on one or more social media and/or links (e.g. to your blog or social media), influences, musical plans, e-Sports plans and live dates.

When access needs to be restricted, we ask you for a password.

If you contact us, we collect information about your requests and complaints (see details below).

When processing requests and complaints, in addition to your identity and email address or telephone number, we also collect the source of the request or complaint, the language, date, category of request (information, support, withdrawal, etc.), purpose or subject (e.g. “Is hardware H compatible with software S?”), description, brand, any documents provided, the number we assign to the request (where applicable, we may link or merge the request with one or more other requests), a priority level, the status of the request, the content of any interactions (emails, text messages, recordings of telephone calls), a unique customer code (an internal number we use to identify the same requester regardless of channel (email, phone, etc.)), number of support tickets opened with us, date of first contact, date of last interaction, number of contacts and level of satisfaction (e.g. in the form of a star rating). We create a list of incidents (an incident means a request or complaint) raised by the requester and determine the number of days since the last interaction, the date of the last incident and the number of incidents. For technical support requests, we collect one or more photos or videos explaining the problem, the name of the product(s) (hardware, software, accessories) used by the requester, the product type and serial number, software version and/or software creation date, and the system with which the product(s) is/are used (PC, Xbox, etc.). For warranty claims, we collect your address, the purchase date and purchase price of each product covered by the warranty claim, the name of the reseller and a copy of the purchase invoice.

In connection with the administration of product owners’ clubs, in addition to your identity and email address, we specifically collect your club membership number and password.

In connection with the administration of forums, blogs and electronic messaging systems, we collect any searches you have undertaken on the forum and information about any reports of abnormal behavior you have submitted. If you register to be an active member of the forum, in addition to your identity, email address and password, we collect your username, display name (the nickname that appears on the forum), what you post on the forum (including questions, answers, comments and any attachments), your “likes” and “dislikes”, any topics you post, your favorites or bookmarks, the people you follow and what you subscribe to on the forum. We also collect what you receive (responses, comments, “likes” and “dislikes”). We collect your choices. We optionally collect your cover photo, avatar, bio, a link to your website, your profession, your signature text, links to your social media, your general location and your time zone. We notify you that we plan to collect information about the hardware and software you use. Your contributions to content are timestamped. N.B. We determine your status, your followers, your follower count, how many people you are following, how many messages, topics, discussions, replies and comments you have made, how many “likes” and “dislikes” you have given and received, your rating and the date of your last visit. We create a “User ID” for you (a unique identifier that does not include your name) and add you to a group (the group to which you belong, e.g. members, moderators, etc.) and, where applicable, a sub-group (if the group is not specific enough). Lastly, we determine user counts and view counts.

For affiliate programs, Guillemot collects the member’s first and last names, email address(es), business type (“creator”/“firm”), trade name and/or brand, business name and address, website address, VAT number, text presenting the business and what it can do for Guillemot (audience size, optional email address of accounts department, social media, bank details, products owned, access to the platform (owner, administrator or employee), email addresses of affiliates of a “firm”, usernames and passwords). Guillemot processes creator codes and links to affiliate content (content – e.g. videos – distributed to the public by content creators), commission amounts, payment histories and payment statuses.

Special case of payment information: online payments on the Site or the Interface by bank card or charge card are made via the secure payment server of the service provider appointed by Guillemot to process payments. Payment information such as card number, card expiration month and year, and verification code (CVC or CVV) is collected by the payment services provider, even if it appears to you that it is being collected by Guillemot. This means this payment information is not stored on the Site or the Interface. For periodic payments (e.g. a license with monthly instalments), it is the payment services provider who stores the payment data and periodically collects the payments. Similarly, you can amend the payment information used by the payment provider (e.g. if the card to be used for future periodic payments expires) via your e-commerce space.

Special case of developer accounts: if you are a developer, Guillemot uses a form to collect your first and last names, email address, message (reason for your request to open a developer account and description of your needs), username, password and, where applicable, the name of each of the companies you represent, together with your sworn declaration.

Special case of licenses – whether free or paid – limited to a given number of devices:

Guillemot determines the maximum number of products (or devices) that can be linked to the license and collects the names of the products (or devices) associated with the license, the MAC address of each product (or device) associated with the license, the identifier (“token”) of each product (or device) associated with the license and its validity expiration date.

When you activate the license, Guillemot identifies the device you are using at the time of activation (computer, smartphone, etc.) and associates that device with your email address. Each device is identified by its characteristics.

Whenever you use the license, Guillemot identifies which device you are using.

If you use the license with a new device, that device is identified.

Special case of paid licenses (applies to all licenses that are billed, even if one or more invoices are for a zero amount):

Whenever a paid license is purchased, Guillemot collects information about that license: its price, the version of the content (or software) it covers, whether or not it is part of a special offer (e.g. an offer including a temporary free trial), the duration of any free trial (beyond which the price of the license is charged), the license start date (usually the date on which the license is purchased), duration, billing frequency and date of the most recent invoice. Guillemot manages the license and billing (Guillemot determines the status of the license, the date of the next invoice and the license end date (or the parameters or event(s) that correspond to expiration of the license)).

When you activate the paid license on a computer, you provide your email address (the same one you provided when you ordered the license) and password. After verification, Guillemot identifies the computer you are using and associates that computer with your email address as being the computer with which the paid license will be used. If activation is validated, you receive a confirmation message and an identifier (token) identifying you as the user is processed by Guillemot (the DJUCED software stores neither your email address nor your password). Activation is rejected if, for example, there is a network issue, there is no valid license or the maximum number of computers has been exceeded.

When you use the license, you must have an internet connection to enable Guillemot to manage access to the functionality that corresponds to your license(s) using the license information associated with your Guillemot account.

If the license is renewed, Guillemot collects information about the renewal (namely the date on which it takes effect).

In the event of a payment issue (e.g. your bank card has expired), Guillemot collects information about the issue (date and nature of the issue and amount payable).

If the license is terminated, Guillemot collects information about the termination (the termination date and the date on which termination takes effect).

Special case: to exercise your right to access, correct, object to or restrict the processing of, delete or request the portability of your personal data, you will have to provide us with a copy of proof of identification or additional information (to give Guillemot the information it needs to dispel any reasonable doubts it might have about your identity).

Guillemot also collects the messages, comments, replies and emails you send to Guillemot and a transcription of any voice conversations you have with us (including identifying information, timing, the identity of our agent and a transcription of the response given by our agent).

Cookies: Guillemot uses the information contained in cookies to more effectively track Users and provide them with personalized content and functionality. We use audience measurement tools to obtain information about how visitors browse the Site. In particular, this information helps us understand how users arrive at and navigate around the Site. These tools use cookies.

Cookies are simply pieces of information sent from a web server and stored on your device (computer, smartphone, smart TV, connected gaming console, etc.). Cookies do not contain any information that can be used to directly identify you (for example, they contain no names or email addresses). They are generally used to quickly identify a User’s device and remember certain aspects of the User’s visit and choices (choice of language and/or location, cookie consent, etc.). The use of cookies is relatively common on websites. The Site does not recognize or respond to “Do Not Track” functionality. However, if you wish, you may configure your browser to warn you whenever you receive a cookie or to refuse or accept cookies. To object to the use of cookies, simply express your choice regarding cookies in the window that notifies you that the Site uses cookies. An icon is available allowing you to modify your cookie choices. While you can object to the use of cookies, you must understand that some of the Site’s pages and features may not work properly if your browser refuses cookies.

Other tracking:

Guillemot tracks Internet Protocol (IP) addresses. An IP address is a unique number used by computers on the network to identify your device each time you connect to the internet.

Guillemot collects limited information about your connection location (the geolocation data about your connection location is no more specific than town/city), your internet service provider (ISP), the type of device you are using (computer, telephone, etc.), the operating system (OS) you are using, the time at which you began browsing, the number of page(s) viewed, the specific page being viewed, and the browser language and web browser you are using.

If you arrive at the Site via an affiliate link, Guillemot collects the information corresponding to that link.

Like many other websites, the Site passively collects and stores non-personally identifiable information in log files. This process records website activity, including the number of views for a specific web page. In cases where you are not required to log in to a Guillemot account, these entries are generated in a non-personally identifiable way and are not associated with any specific User. In cases where you are required to log in to a Guillemot account (to make online purchases, access non-public information, etc.), the data is associated with a specific User (the account-holder).

To help us manage user access, we collect a timestamp of your registration requests (e.g. if you register to become a member of a forum), a timestamp of activation (when a request is verified), a timestamp when your registration is recorded, a timestamp when you unsubscribe, a timestamp of your last visit, your number of logins and your (encrypted) password. We also record the date your data was last updated.

Non-personally identifiable information obtained via DJUCED software (or applications): app ID (software identifier), app version (software version), user ID (a universal non-personally identifiable unique identifier to distinguish new users from existing and former users), operating system (name and version), CPU architecture (number of bits, e.g. 32 or 64), display resolution, language, country, event (a feature or setting chosen by the User to which an event number is assigned indicating the type of event), event timestamp, event label, event value, name of product(s) used with the application, serial number of product(s) used with the application, deck, whether or not the User connects via the application to a content provider suggested by Guillemot, name of content provider, number of content downloads and information about the content (BPM, track name and artist, features used [loops, hot cues, stems, etc.] and screens displayed).

Personally identifiable information obtained via DJUCED software (or applications): on startup, the application asks the user to input their email address and password (so it can identify them, determine and select the applicable license and run the version of the application that corresponds to the selected license).

Information obtained via the “My Thrustmaster” application: we collect your email address, password and username (nickname); your choice of banner, profile picture and language; information about the gaming platform(s) used by the data subject (you); product information (names of products owned, product settings, etc.); game information (name of game(s), gaming session data, game statistics, etc.); your reviews; and a list of your friends in the application.

Information obtained via subsidiaries and service providers: Guillemot receives information from its subsidiaries and service providers.

The delivery service provider provides Guillemot with the dispatch date and shipping status as well as the routing information it needs to be able to keep the customer informed and respond to any shipping-related complaints.

The payment provider provides Guillemot with the payment status (whether a payment is accepted or rejected and, if rejected, the reason) and, depending on the payment method, the minimum required payment information (to enable Guillemot to respond to any complaints that might arise). Where a payment is rejected pending additional verification to prevent e-commerce fraud and the payment was made using a bank card, the service provider provides Guillemot with the reason for the rejection, the level of risk assessed by the service provider, the key elements suggesting fraud, the customer’s ID with the service provider, the cardholder’s first and last names, the card type, issuer, country of issue, last four digits and expiration date, an imprint of the payment method, the cardholder’s email address, IP address (location of the IP address and identity of the internet service provider used), the customer’s address and the transaction authorization rate associated with that email address. In providing Guillemot with payer authentication services (to help prevent e-commerce fraud), the service provider collects and uses information about the characteristics of your device and indicators of your activity.

The third-party social media data collection provider (a marketing services provider) collects reviews posted on social media together with the reviewer’s username (or nickname) and Guillemot’s replies on social media and provides them to Guillemot. However, Guillemot directly collects anything you post in private areas created on social media by Guillemot. Even in such cases, the social media in question may collect personal data about you; we therefore encourage you to read the privacy policy of the third-party website in question.

The service provider tasked with reporting bugs and other technical issues on phones and tablets provides Guillemot with the following information: app ID, app version, unique device identifier (UDID), CPU architecture (e.g. 32- or 64-bit), operating system, language, device model, timestamp of the bug and location in our program where the bug occurred. Google (Google Ireland Limited) provides this service for Guillemot and collects data to identify us and the device involved, data describing the usage environment, and contextual and problem-tracking data.

The service provider tasked with reporting bugs and other technical issues on PCs and Macs provides Guillemot with the following information: app ID, app version, crash ID (incident number), operating system, CPU architecture, function (functionality or setting chosen by the user), timestamp of the technical issue, explanation (type of software error), nickname of the person affected, truncated IP address, description of actions immediately prior to the issue encountered and user ID (a universal, non-personally identifiable unique identifier used to distinguish new users from existing and former users). N.B. The software temporarily gathers data so as to be able to report any potential bugs and technical issues that may arise; however, the decision as to whether or not to submit a bug report and trigger notification is entirely down to you.

Google (Google Ireland Limited) provides Guillemot with the Google Analytics measurement and analysis service, which collects first-party cookies as well as data linked to your IP address, device/browser and activities undertaken on the Site or the Interface.

As part of its CAPTCHA service (Completely Automated Public Turing test to tell Computers and Humans Apart), Google tells Guillemot that you are a human (to safeguard against intensive automated login attempts).

Guillemot’s subsidiaries provide various types of services (administration, IT, logistics, marketing, research and development, customer relations, etc.) that require the provision of information corresponding to the particular service(s) provided by each subsidiary.

Keep in mind that whenever you voluntarily disclose personal data online (e.g. by email, on a forum or via a public profile), that information may be collected and used by other people. While Guillemot makes every effort to protect your personal data, we cannot guarantee its safety if you yourself do not take appropriate precautions. Whenever you provide information, you are therefore deemed to have done so knowingly. It is important to note that minors must neither create nor input passwords on the Site or the Interface. Furthermore, you are solely responsible for the confidentiality of any passwords you create and/or any information relating to any account with Guillemot you create on the Site or the Interface, if applicable (hereinafter “Account”).

Your Account email address and password are important because they serve as a kind of key for managing user access and access to functionality. An Account email address and password also allow the Account-holder to log in to the Interface or create and log in to separate spaces (user pages) on a number of Guillemot websites (i.e. on the Site and other Guillemot websites). Some web pages provide access to areas where requests and complaints are handled. Other web pages provide access to e-commerce spaces.

  1. WHAT HAPPENS IF I REFUSE TO PROVIDE PERSONAL DATA?

If we do not have access to certain items of personal data, we will not be able to contact you (we need to know how to reach you), assign and direct requests (we cannot arrange for requests to be assigned to the right person unless we are aware of the subject, language, and contact type), process certain requests (if you have experienced a technical issue, we need to be aware of the relevant context and the hardware and software environment) or send you anything by post (if we do not know your address). Furthermore, access to some areas and features of the Site or the Interface – if available on the Site or Interface – will be affected: e-commerce, participation in the forum, signing up to take part in competitions, applying for sponsorship, applying to take part in tests (including product tests, beta testing, etc.) and video playback. However, we do not require such personal data if you simply want to access the Site and view most of its content.

If you refuse affiliate tracking cookies, you are likely to deprive affiliates (content creators) of rewards, potentially discouraging them from working with us and creating content.

  1. FOR WHAT PURPOSES AND ON WHAT LEGAL BASES WILL MY PERSONAL DATA BE USED?
  1. Connection data:

Connection logs – including IP addresses – are used, on the basis of Guillemot’s legitimate security and defense interests, for the purposes of managing existing and prospective customers, sharing experiences (user testimonials), managing product owners’ clubs, content download areas, forums, blogs and electronic messaging systems, managing the sending out of information for marketing purposes, managing affiliate programs, managing hardware and software development and the provision of information to developers, managing user access, processing requests and complaints, managing personal spaces for the purposes of handling requests, technically managing websites and servers, and filtering network access. They are also used for the purposes of non-commercial external communications, payer authentication (to help prevent e-commerce fraud) and managing actual and potential litigation and pre-litigation matters.

Information about the location from which a user connects to the Site and the internet service provider (ISP), device type (computer, phone, etc.), operating system, browser language and web browser used to connect to the Site is processed for the purposes of managing existing and prospective customers, processing requests and complaints, technically managing websites and servers, authenticating payers (to help prevent e-commerce fraud) and managing actual and potential litigation and pre-litigation matters. This information is processed on the basis of Guillemot’s legitimate technical, security and defense interests.

IP addresses are used for the purposes of managing existing and prospective customers, measuring audiences and monitoring the Site, managing software downloads, forums, blogs and electronic messaging systems, managing the reporting of bugs and other technical issues on PCs and Macs, distributing website content, authenticating payers (to help prevent e-commerce fraud) and managing actual and potential litigation and pre-litigation matters. IP addresses are used to geolocate visitors to the Site but such geolocation is limited (it is no more specific than the visitor’s town/city). IP addresses are processed on the basis of Guillemot’s legitimate commercial, technical and organizational interests, and sometimes also on the basis of Guillemot’s security and defense interests.

Connection data is used for the purposes of managing product owners’ clubs based on the need to take steps prior to entering into a contract and to establish a contractual relationship between Guillemot and club members. Connection data is used for the purposes of managing content download areas, based on the consent of the data subject. Connection data is processed in response to requests from authorities on the basis of a legal obligation.

Data collected in connection with network access is processed for the purposes of filtering access to and use of the internet and websites and understanding variations in traffic flows and unauthorized intrusion. Data collected for these purposes is processed on the basis of Guillemot’s legitimate security and defense interests.

  1. Information provided by Users

The purposes for which information you provide to us is used depend on the activity or activities in question.

Data collected in connection with the management of existing and prospective customers is processed for the purposes of:

– managing a database of existing and prospective customers;

– carrying out customer management activities concerning contracts, orders, pre-orders, subscriptions, shipping, billing and loyalty programs, undertaking customer relationship management activities such as satisfaction surveys and selecting existing or prospective customers to take part in studies, surveys and product tests;

– carrying out prospecting activities;

– selecting one or more categories of people to take part in loyalty campaigns, prospecting activities, studies, surveys, product testing and promotional campaigns and undertaking marketing campaigns;

– producing business statistics;

– organizing competitions, lotteries and promotional campaigns of any kind;

– preparing and publishing content;

– managing reviews of products, services and/or content; and

– managing your favorite content, products and/or services.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, organizational, technical, security and defense interests. Exception: prospecting campaigns via electronic channels (email or text message) are based on your consent; however, if you are already a customer, we may contact you to offer you products similar to those you have previously ordered.

Data collected in connection with sharing experiences is processed for the purposes of:

– managing the collection and retention of testimonials about people’s experience of products, services and/or content; and

– managing the publication of experiences.

Data collected for these purposes is processed on the basis of the consent of the data subject.

Data collected in connection with competitions, campaigns and “internal” marketing events (not aimed at the general public) is processed for the purposes of:

– organizing competitions, lotteries and promotional campaigns of any kind;

– organizing marketing events;

– obtaining visuals to illustrate products and services offered by Guillemot; and

– producing participation statistics.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial and organizational interests.

Data collected in connection with the use of third-party images for promotional purposes is processed for the purposes of:

– promoting Guillemot (including its activities, products and/or services) to existing and prospective customers;

– illustrating products and services offered by Guillemot;

– managing the use of third-party images; and

– managing the rights of data subjects.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial and organizational interests.

Data collected in connection with communications via third-party social media is processed for the purposes of:

– interacting with social media subscribers;

– sending information to social media subscribers; and

– managing social media distribution channels.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial and organizational interests.

Data collected in connection with the management of software downloads is processed for the purposes of:

– preparing and publishing content;

– managing and monitoring downloads;

– managing licenses;

– ensuring compatibility between the software in question and the hardware owned by the user;

– forecasting needs; and

– producing statistics.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, organizational, technical and defense interests.

Data collected in connection with the management of product owners’ clubs is processed for the purposes of:

– managing members;

– sharing information with members;

– providing benefits to members; and

– ensuring compliance with the terms and conditions of club membership.

Data collected for these purposes is processed on the basis of action needed prior to entering into a contract and to establish a contractual relationship between Guillemot and club members.

Data collected in connection with the management of a community of enthusiasts who wish to receive technical information is processed for the purposes of:

– managing a community of enthusiasts (who need not necessarily own Guillemot products); and

– creating and using email distribution lists.

Data collected for these purposes is processed on the basis of the consent of the data subject.

Data collected in connection with the management of content download areas is processed for the purposes of:

– allowing users to download content;

– managing access to content; and

– producing statistics.

Data collected for these purposes is processed on the basis of the consent of the data subject.

Data collected in connection with the management of forums, blogs and electronic messaging systems is processed for the purposes of:

– setting up communication platforms;

– carrying out studies and surveys (of issues encountered by users);

– providing information;

– managing members (registration, unsubscribing, etc.);

– managing interaction;

– ensuring and managing security;

– managing a forum (in particular, moderating and enforcing rules);

– responding to sponsorship applications; and

– producing statistics.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, organizational, technical, legal, security and defense interests. Since Guillemot stores written content, images, sounds and/or messages that may be made publicly available online, Guillemot is required to retain data that might be used to identify anyone involved in creating any of the content used on the

Site or the Interface.

Data collected in connection with the sending out of information for marketing purposes (newsletters) is processed for the purposes of:

– managing subscriptions; and

– creating and using email distribution lists.

Data collected for these purposes is processed on the basis of the consent of the data subject.

Data collected in connection with affiliate programs is processed for the purposes of:

– setting up a management platform;

– managing affiliates (subscribing and unsubscribing);

– managing the affiliate program (in particular to ensure that the rules are enforced);

– identifying affiliates;

– identifying sales generated by an affiliate (a content creator);

– calculate commissions and/or bonuses due to an affiliate;

– issuing invoices; and

– producing statistics.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, organizational, security and defense interests.

Data collected in connection with the reporting of bugs and other technical issues on PCs and Macs is processed for the purposes of:

– identifying issues;

– allocating resources (to resolve issues and improve the products in question);

– forecasting needs;

– resolving issues and improving the products in question; and

– producing statistics.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, technical, financial and organizational interests.

Data collected in connection with the management of hardware and software development is processed for the purposes of:

– managing developments;

– undertaking development, including fixing bugs and other technical issues; and

– monitoring developments.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate technical, financial, organizational, defense and security interests.

Data collected in connection with the management of user access is processed for the purposes of:

– creating access rights;

– verifying access rights;

– revoking or restricting access rights; and

– combating illegitimate use.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, technical, organizational, financial, security and defense interests.

Data collected in connection with managing the provision of information to developers is processed for the purposes of:

– managing developers;

– responding to information requests from developers;

– informing account-holders of the availability of information;

– producing statistics;

– enforcing compliance with terms of use and confidentiality and intellectual property requirements; and

– securing the remote information provision service.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, technical, organizational, security and defense interests.

Data collected in connection with managing the provision of functionality is processed for the purposes of:

– managing the provision of functionality to users;

– improving our software and ensuring it continues to work with the relevant hardware;

– improving our hardware and ensuring it continues to work with the relevant games;

– moderating the use of hardware and software;

– providing assistance to users;

– monitoring product activation; and

– producing statistics.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, technical, organizational and financial interests.

Data collected in connection with the processing of requests and complaints is processed for the purposes of:

– assigning requests;

– responding to requests and ensuring they are followed up;

– supervising processes so as to understand and optimize the activities of the department responsible for processing requests and complaints;

– interacting with existing and prospective customers;

– managing document libraries (templates) and contacts;

– producing statistics;

– managing uncivil conduct towards staff;

– managing warranty claims;

– managing requests to exercise the right of withdrawal; and

– managing requests to exercise the rights to access and correct data and object to its processing (data protection rights) and, more generally, requests to exercise any other rights.

Data collected for the first seven purposes is processed on the basis of Guillemot’s legitimate commercial, technical, financial, organizational and defense interests. Data collected for the last three purposes is processed on the basis of legal obligations incumbent upon Guillemot.

Data collected in connection with the management of personal spaces for the purposes of handling requests is processed for the purposes of:

– enabling internet users to contact Guillemot online and track their requests;

– enabling internet users to easily access their data;

– enabling internet users to easily update their data; and

– providing a secure communication channel.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, organizational, security and defense interests.

Data collected in connection with the technical management of websites and servers is processed for the purposes of:

– managing the operation of websites and servers;

– technically administering websites;

– securing websites through event logging; and

– producing statistics.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, technical, organizational, security and defense interests.

Data collected in connection with payer authentication is processed for the purposes of:

– managing fraud prevention efforts;

– assessing the risk of fraud;

– safeguarding against the risk of fraud;

– preventing fraudulent payments;

– defending Guillemot in the event of fraud and assisting and cooperating with the authorities; and

– preventing the recurrence of fraud.

Data collected for this purpose is processed on the basis of Guillemot’s legitimate commercial, organizational, financial and defense interests.

Data collected in connection with actual and potential litigation and pre-litigation matters is processed for the purposes of:

– managing potential litigation;

– managing pre-litigation matters;

– managing litigation;

– managing archived pre-litigation and litigation files;

– executing decisions; and

– producing statistics.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, financial, organizational and defense interests. Furthermore, with regard to court decisions handed down, this data is also processed on the basis of Guillemot’s historical legitimate interest.

Data collected in connection with accounting is processed for the purposes of:

– maintaining accounting records;

– fulfilling tax and accounting obligations;

– consolidating the accounts;

– organizing the accounting system;

– managing outstanding amounts, reminders and arrears (not including temporarily or permanently depriving a person of the benefit of a supply of services or goods);

– optimizing the company’s physical and financial performance (financial control);

– providing figures;

– archiving and supplying accounting records; and

– managing audits.

Data collected for the first three purposes is processed on the basis of compliance with legal tax and accounting obligations. Data collected for the remaining purposes is processed on the basis of Guillemot’s legitimate organizational, financial and defense interests.

Data collected in connection with non-commercial external communications is processed for the purposes of:

– creating and using an address file for information and/or external communication purposes – not including any form of marketing – relating to the business carried on by Guillemot;

– communicating about the payment of dividends;

– communicating about corporate actions; and

– producing statistics.

Data collected for these purposes is processed on the basis of legal obligations incumbent on Guillemot.

Copies of identity documents for the purposes of exercising the right to access, correct, object to or restrict the processing of, delete or request the portability of data are used in processing requests and complaints and handling actual and potential litigation and pre-litigation matters (data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, financial, organizational and defense interests).

  1. Cookie information

We use cookies to help manage existing and prospective customers, measure audiences and monitor websites, manage software downloads, product owners’ clubs and content download areas, manage personal spaces for the purposes of handling requests, technically manage websites and servers and distribute website content.

Data collected in connection with audience measurement and website tracking is processed for the purposes of:

– measuring website audiences and monitoring website activity; and

– producing statistics.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, organizational and technical interests.

Data collected in connection with affiliate programs is processed for the purposes of:

– identifying affiliates (content creators who share affiliate codes and/or affiliate links);

– identifying sales generated by affiliates (content creators); and

– calculating commissions and/or bonuses due to affiliates.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, organizational, technical and security interests.

Data collected in connection with the distribution of website content is processed for the purposes of:

– improving access to websites; and

– improving website security.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, organizational, technical and security interests.

The purposes and legal bases of other processing activities are as described earlier. In summary, we use cookies to make the Site more efficient, useful and secure and to improve its quality and provide more personalized content. Cookies are processed on the basis of Guillemot’s legitimate interests.

Essential cookies are necessary for the Site to function and cannot be disabled within our systems. They are usually set in response to actions you have performed that constitute a request for services, such as setting your cookie preferences and logging in (e.g. to access your secure area or shopping basket).

Functional cookies help us improve and personalize the Site’s functionality. In particular, they store (non-personally identifiable) information about your preferences in relation to viewing web pages, language, location, etc.

Performance cookies help us analyze the Site’s usage and performance so as to improve its operation (including in particular most visited pages and pages that generate error messages).

Advertising cookies are used to show you the most relevant advertising based on your interests. If advertising cookies are disabled, advertisements will still be displayed but they may no longer be relevant to your interests.

Social media cookies are cookies generated by third-party social media. They make the Site more user-friendly and help promote us. They also make it possible to provide richer Site content by means of audio and/or video sharing. Certain Site features (e.g. buttons for following us on social media, video playback) rely on services offered by third-party sites. These features set cookies that allow those sites to track your browsing. Such cookies are only set if you give your consent. We encourage you to read the cookie policies of third-party sites.

  1. Information collected automatically via software (or applications)

Data collected in connection with the technical oversight of software and hardware products is processed for the purposes of:

– understanding how software, and the hardware used with it, is used;

– improving our software and hardware products and ensuring they continue to work with other software and hardware products used with them;

– teaching users how to use our software and hardware products;

– monitoring software and hardware product activation; and

– obtaining statistics.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate technical, commercial, organizational and financial interests.

Data collected in connection with the reporting of bugs and other technical issues on phones and tablets is processed for the purposes of:

– identifying issues;

– allocating resources (to resolve issues and improve the applications in question);

– forecasting needs;

– resolving issues and improving the applications in question; and

– obtaining statistics.

Data collected for these purposes is processed on the basis of Guillemot’s legitimate commercial, technical, financial and organizational interests.

Your personal data is not used for profiling that could reveal sensitive data (racial or ethnic origin; philosophical, political, trade union or religious affiliation; sex life or health).

  1. WHO ARE THE RECIPIENTS OF PERSONAL DATA?

In principle, your personal data is intended for Guillemot and its subsidiaries and service providers (IT and telephony providers, delivery service providers, payment service providers, fraud risk analysis providers, legal service providers, notification service providers, marketing service providers) and government agencies (where there is a legal obligation).

Google is a recipient of data in connection with its Google Analytics measurement and analysis service and its service safeguarding against automated intensive submission attempts.

Your personal data is also intended for public use in connection with the sharing of experiences, the management of forums, blogs and electronic messaging systems and the provision of functionality or links to content made available to the public.

For non-commercial external communication where there is a legal obligation, personal data is accessible to Guillemot, its subsidiaries (authorized personnel with responsibility for financial reporting) and service providers (financial, legal, delivery and IT service providers and broadcasters) shareholders and/or bondholders, and government agencies.

Log files are accessible to Guillemot and its subsidiaries (authorized personnel with responsibility for information systems) and service providers (IT service providers including those with responsibility for security).

Connection logs are accessible to Guillemot, its subsidiaries (authorized personnel with responsibility for information systems) and the service provider with responsibility for security.

Log file data is provided to authorized personnel in our marketing department, authorized personnel with responsibility for research and development and authorized personnel in our support department.

Excerpts from log files and connection logs may be provided or made accessible to authorized personnel in our legal department, court officials and judicial officers, and government agencies in connection with their supervisory and judicial duties.

Data from audience measurement tools is intended for Guillemot and its subsidiaries (personnel with responsibility for information systems and Guillemot personnel with responsibility for marketing) and service providers (IT service providers). The processing of this data involves the use of services provided by Google.

Data relating to the management of existing and prospective customers is accessible to senior management, authorized personnel from our marketing department, information systems department, departments responsible for handling customer relations, administrative departments (including our accounts and legal departments), logistics teams and their line management.

Recipients of data relating to the management of existing and prospective customers may include:

– Guillemot subsidiaries;

– service providers (banks, direct sellers, IT service providers, marketing service providers, fraud risk analysis providers, legal service providers, payment service providers, delivery service providers such as postmen, carriers, etc.) who provide sufficient guarantees in relation to the protection of your rights;

– developers and vendors of software used to process data (which, in that case, is anonymized);

– auditors and statutory auditors in connection with their audit activities;

– government agencies in connection with their supervisory and judicial duties;

– organizations, court officials and judicial officers in connection with their debt recovery duties; and

– agencies responsible for managing telephone marketing opt-out lists.

To provide you with services, we use IT service providers and their tools. Some IT service providers may use the information they collect through cookies and other trackers to create, for their own use, behavioral advertising profiles or to show you targeted advertisements. However, Guillemot does not disclose its existing and prospective customer files to such IT service providers.

Other customers of the payment services provider (which provides Guillemot with payer authentication services to help prevent e-commerce fraud) may also receive information (to help them detect and block actual or potential fraud).

Copies of identity documents submitted in order to exercise the right to access, correct, object to, restrict the processing of, delete or request the portability of data are accessible to authorized personnel with responsibility for information systems, authorized personnel in our legal department and government agencies in connection with their supervisory and judicial duties.

  1. I LIVE IN THE UNITED KINGDOM. IS MY PERSONAL DATA LIKELY TO BE TRANSFERRED OUTSIDE THE UNITED KINGDOM?

Yes: since Guillemot and some of its service providers and subsidiaries, with the exception of Guillemot Limited, are located outside the United Kingdom, all personal data is likely to be transferred outside the United Kingdom.

*Guillemot Limited is a company whose registered office is at Carnac Place, Cams Hall Estate, Fareham, Portsmouth, Hampshire, PO16 8UY, United Kingdom.

  1. I LIVE IN THE EUROPEAN UNION. IS MY PERSONAL DATA LIKELY TO BE TRANSFERRED OUTSIDE THE EUROPEAN UNION?

Yes, data relating to the following is transferred outside the European Union: management of existing and prospective customers; sharing of experiences; competitions, campaigns and internal marketing events; use of third-party images for promotional purposes; audience measurement and website tracking; communication via third-party social media; management of software downloads; management of product owners’ clubs; management of a community of enthusiasts wishing to receive technical information; management of content download areas; management of forums, blogs and electronic messaging systems; the sending out of information for marketing purposes; affiliate programs; reporting of bugs and other technical issues on PCs and Macs; reporting of bugs and other technical issues on phones and tablets; technical monitoring of software and hardware products; management of user access; management of the provision of information to developers; management of the provision of functionality; processing of requests and complaints; management of personal spaces for the purposes of handling requests; technical management of websites and servers; distribution of website content; responding to requests from the authorities; accounting; authentication of payers; actual and potential litigation and pre-litigation matters; and non-commercial external communications.

Some of Guillemot’s service providers and subsidiaries are located outside the European Union.

Personal data may only be transferred outside the European Union when at least one of the following criteria is met:

– The transfer is to a country recognized by the European Commission as providing an adequate level of protection.

– Appropriate guarantees are in place (in practice, this essentially means standard contractual clauses) and the data subject (you) has enforceable rights and effective legal remedies.

– The transfer corresponds to one of the exemptions or exceptions provided for in legislation.

Data from third-party cookies may be transferred outside the European Union. We encourage you to read the cookie policies of third-party sites.

  1. WHAT HAPPENS IF I LIVE OUTSIDE THE UNITED KINGDOM AND THE EUROPEAN UNION?

Laws applicable to personal data vary locally, sometimes even between states or provinces. We therefore reserve the right to apply territorial restrictions. We encourage you to check that you are using the Site and/or the Interface that corresponds to your country so as to be sure that we are meeting local requirements, including when we give you information. Please read the general terms of use (and, if applicable, any specific terms of use) of the Site you are using.

Additional practices may apply locally. For example, if you use a Guillemot forum and you live in the USA, we encourage you to read the “Notice at Collection” on the forum website in addition to this policy.

  1. MIGHT GUILLEMOT SELL MY PERSONAL DATA?

Guillemot has no plans to disclose or sell your personal data in return for money outside of Guillemot subsidiaries (Guillemot and its subsidiaries are hereinafter referred to as the “Group”). However, we may disclose or pass on some or all of your personal data in the course of or while negotiating any merger, financing transaction, acquisition or dissolution, or proceedings involving the sale, transfer, disposal or disclosure of some or all of our Business or assets. If another company or individual acquires some or all of our Business or assets, that company or individual will have access to the personal data we have collected and will assume the rights and obligations relating to your personal data.

N.B. While Guillemot uses Stripe for payment, analytics and other business services, we do not sell personal data to Stripe. Stripe collects transaction information and personal data, which it analyzes and uses to run and improve the services it provides to us, including for fraud detection purposes. We hereby inform you that, when authenticating payers (to help prevent e-commerce fraud), our service provider (Stripe) shares the characteristics of your device and indicators of your activity both with Guillemot and with the service provider’s other customers. You can find out more about Stripe and read its privacy policy at https://stripe.com.

  1. HOW LONG IS MY INFORMATION KEPT?

Cookies used to track internet users and IP addresses are kept for no longer than 13 months from the date of the first visit (when you give your consent to one or more cookies). Consequently, you should not be surprised or irritated if the window notifying you that the Site uses cookies reappears.

Personal data relating to audience measurement and Site monitoring is kept for 13 months from the date of the first visit to the Site. IP addresses relating to the distribution of website content are kept for up to 24 hours to improve website access (note that this does not mean data may not be retained for the purposes of processing on the basis of Guillemot’s legitimate security and/or defense interests), in response to requests from the authorities and in connection with actual or potential litigation or pre-litigation matters.

Data collected or generated by Google Analytics to analyze the Site’s audience is kept for a maximum of 730 days (i.e. two years).

As regards any other cookies and trackers that may be used, we encourage you to read the contents of the cookie choices window or icon accessible on each site to find out about how long they are kept.

Cookie data used by the affiliate program is kept for 30 days from the date on which an affiliate link is clicked or a product is added to the basket and a corresponding creator code is submitted.

Data collected by BugSplat for the purposes of reporting bugs and other technical issues on PCs and Macs is kept for one year.

Data collected by Google for the purposes of reporting bugs and other technical issues on phones and tablets is retained for 90 days.

Data collected in connection with the management of hardware and software development is kept in documentation relating to the product(s) in question (throughout the duration of use of the software and/or hardware product(s) in question).

The address file held for the purposes of information or non-commercial external communications is updated annually. Personal data is kept as long as is necessary for the delivery of the information or the provision of the external communication in question (for example, if you request a new annual report that is not yet available, you will be sent a holding reply and the annual report will be sent out to you when it becomes available).

If you have requested or downloaded one or more products and/or marketing or technical information relating to a product or service provided by Guillemot (or one of its subsidiaries), you are a prospective customer. If there has been communication between you and us via third-party social media only, you are a prospective customer. If you have an Account but have not placed an order (or the date of your last order was more than three years ago), you are a prospective customer. If your last order was more than three years ago or you terminated your agreement more than three years ago, you are also a prospective customer.

Personal data about prospective customers is kept for three years with effect from the date of last contact from the prospective customer or of their last visit or connection, unless the prospective customer has a “Developer” account.

Personal data used for the purposes of customer management is kept for three years for prospecting purposes.

Personal data used for the purposes of customer management is kept for up to five years after the end of the contractual relationship to allow for the processing of contractual requests and claims as well as actual or potential contractual litigation or pre-litigation matters.

Data (payment status and highly truncated payment information) provided by the payment services provider in the event of actual or potential litigation or pre-litigation matters in connection with a payment issue is kept for five years from the date the payment is made, unless the legal limitation period is suspended (i.e. the limitation period is paused and will resume once the suspension is lifted) or halted (i.e. the limitation period ceases and a new limitation period commences) or litigation is ongoing.

Delivery status data provided to Guillemot by the delivery service provider to enable Guillemot to process a complaint in the event of a delivery problem is kept for five years from the date on which delivery is completed.

Invoice data used for the purposes of customer management is kept for 10 years for archival.

Data relating to user reviews is kept until either the subject of the review (e.g. the page about the product being reviewed) is removed or the user objects.

Favorites data (favorite content, products or services) is kept until favorites are deleted or your Account is deleted.

As regards the processing of requests and complaints, information about the request (except information relating to the product(s) owned and contact information), the history of interactions relating to the request and any documents submitted via users’ personal spaces in connection with an issue (e.g. photos, videos, purchase invoices) are deleted if there has been no activity for over two years (e.g. if the request status is “Issue resolved”).

Unless the information is needed to process a request from the data subject (for example, a problem with WiFi reception or with connecting to the internet service provider’s WiFi), the connection location, internet service provider (ISP), type of device used (computer, phone, etc.), operating system used, browsing start time, number of pages viewed, specific page viewed, browser language and web browser used are not kept once the chat in which this data is used has ended.

Data used to identify devices to which a license limited to a certain number of devices is assigned is kept for as long as is needed to perform the contractual relationship. N.B. This does not mean data may not be kept and processed for other purposes (data is kept in the event of actual or potential contractual and/or criminal litigation and pre-litigation matters (piracy if a product is used without a license)).

Personal data needed to produce statistics is kept for 25 months from the date on which the raw personal data is collected.

The results of statistics (anonymous figures and charts) produced using aggregated personal data are kept indefinitely.

For as long as is needed to perform the contractual relationship, personal data is kept for the purposes of managing, archiving and monitoring contracts. N.B. This does not mean data may not be kept and processed for other purposes (contracts and evidence are kept for the purposes of actual or potential litigation or pre-litigation matters, customer management and the processing of requests and complaints; customer invoices are kept for the purposes of accounting, actual or potential litigation or pre-litigation matters, requests from the authorities, customer management and the processing of requests and complaints).

Data about the sharing of experiences is kept until either the subject of the experience (e.g. the page about the product to which the experience relates) is removed or consent is withdrawn.

Personal data relating to competitions, campaigns and “internal” marketing events and data relating to the use of third-party images for promotional purposes is kept until the (last) applicable legal limitation period has expired. Notwithstanding the above, deliverables are kept indefinitely for promotional and retrospective purposes.

Personal data relating to the sending out of information for marketing purposes is kept for as long as the subscription is maintained (i.e. until the subscriber unsubscribes via the link included in each newsletter).

Personal data used for the purposes of managing product owners’ clubs is kept throughout the duration of membership and destroyed one year after membership is terminated unless, by exception, that duration is extended (in the case of data about a member processed in connection with actual or potential litigation or pre-litigation matters).

Email addresses used for the purposes of managing a community of enthusiasts wishing to receive technical information are kept throughout the duration of a user’s membership in the community.

Identifying information about data subjects used for the purposes of managing forums and messaging systems is kept for a period of five years from the date on which the contract with the user expires or is terminated, except in the event of litigation.

Nicknames collected in connection with a member account (used to access a forum and/or messaging system) are kept for a period of one year from the date on which the member account is closed, except in the event of litigation.

Technical data used to identify the source of a connection or the device used is kept for one year, except in the event of litigation.

Other traffic and location data is kept for one year provided a number of criteria are met (this requires an order issued by the prime minister, who may take such action for reasons relating to national security where there is a current or foreseeable serious threat to the nation; this same data may be the subject of an expedited retention order issued by authorities having, pursuant to the law, access to data pertaining to electronic communications for the purposes of preventing and suppressing crime, serious crime and other serious breaches of rules they are responsible for enforcing, for the purposes of accessing this data).

Information about contributions to the content of forums and/or messaging systems is kept for one year, except in the event of litigation.

As regards affiliate programs, personal information is kept for as long as the individual remains a member of the affiliate program and, in the absence of litigation, is destroyed one year after membership in the program is terminated, with the exception of invoice data.

Data needed to monitor vulnerabilities and security incidents is kept for five years, except in the event of litigation.

If you exercise your privacy rights, data relating to identity documents may be kept until all applicable legal limitation periods have expired.

Personal data processed for the purposes of payer authentication (to help prevent e-commerce fraud) is kept for up to 15 months from the date on which the transaction in question is presented, except in the event that a request is received from the authorities and/or in the event of litigation or termination of the contract with our service provider or at the request of our service provider. In the event of a request from the authorities, litigation, termination of the contract with our service provider or a request from our service provider, in each case we may keep copies of this data to the extent permitted by law, provided we comply with the law.

Personal data collected and processed in connection with potential litigation or pre-litigation matters is deleted once the pre-litigation matter is amicably settled (this does not include settlement agreements signed and executed by all parties) or, failing that, until the applicable legal limitation period has expired.

Personal data collected and processed in connection with litigation is deleted once ordinary and extraordinary remedies against the decision are no longer possible; however, decisions handed down by the courts (including judgments, rulings, sentences, etc.) are permanently archived on the basis of our legitimate historical interest.

The contents of SMS (text) and MMS (multimedia) messages are kept by the telephony provider for a maximum of one year.

Calls we record for the purposes of improving the quality of our handling of requests and complaints (from users, prospective customers, etc.) are kept for six months from the recording date. Documented analyses of recordings are destroyed one year after the date of the recording analyzed.

Calls that are recorded or have their recording marked by one of our advisors or technicians in the event of uncivil conduct against them (insults – Articles R.621-2 and R.625-8-1 of the French Criminal Code; threats – Article 222-17 of the French Criminal Code, etc.) are kept for six months from the recording date, except in the event of litigation (they are archived to be used as evidence if an action is brought). Except in the event of litigation, documented analysis of such recordings is destroyed once the applicable legal limitation period has expired.

Personal data processed for the purposes of technical monitoring of software and hardware products is stored locally until it is received by the event collector server, it is deleted because its storage would exceed a limit, or the software is uninstalled. On the event collector server, personal data processed for the purposes of technical monitoring of software and hardware products is kept for a period linked to its event number (event type). All events except display resolution (“screen”), controller name (“midi device name”) and serial number are archived after three months. All archived events are deleted after 12 months; the display resolution and controller name are archived and only the serial number is kept in operational database.

As regards affiliate programs and the management of software downloads, user access and content download areas, the provision of functionality to users, and personal areas for the purposes of handling requests, personal data is processed for as long as the data subject’s Account or Accounts remain(s) open. If your Account is deleted for whatever reason, Guillemot will stop using your personal data to provide you with services but will temporarily retain your personal data in accordance with legislation in force for use when responding to requests from the authorities and in the event of actual or potential litigation or pre-litigation matters.

In connection with managing the provision of information to developers, personal data is processed for as long as the data subject has a “Developer” account.

If your “Developer” account is deleted for whatever reason, Guillemot will stop using your personal data to provide you with services but will temporarily retain your personal data in accordance with legislation in force for use when responding to requests from the authorities and in the event of actual or potential litigation or pre-litigation matters.

More specifically, connection log data is generally kept for six months. However, connection log data used in managing the provision of information to developers is kept throughout the applicable confidentiality period (so as to be able to prove to which confidential information the developer in question had access to on what date) and beyond in the event of litigation relating to the developer.

  1. HOW CAN I EXERCISE MY RIGHTS IN RELATION TO MY PERSONAL DATA?

If, for whatever reason, you wish access, delete or correct your personal data, restrict the processing of data relating to the data subject (you or your underage children), object to the processing of your personal data or exercise your right to the portability of your data, you should contact us via the Site or the Interface using one of the links to our contact form (for example “Contact us” or “Support”) found at the top or bottom of our web pages; in the specific case of the www.DJUCED.com site, the link to our contact form can be found in the “Help” section at the top of each page; in Interfaces, the link to our contact form can be found in the “Settings” section.

Your request should include (i) the right you wish to exercise, (ii) the identity of the requester and (iii) if the requester is not the data subject, the identity of the data subject.

Note that incomplete requests cannot be processed:

– If the person to whom the request relates is the requester (i.e. if you are acting on your own account), your request may, if we have reasonable doubts, only be considered valid once you have provided us with proof of your identity (for identity cards, a black and white copy of the front will suffice).

– If the data subject is not the requester (i.e. you are acting on someone else’s behalf), the request will only be considered valid once you have provided us with copies of proof of both the requestor’s and the data subject’s identity.

If you are a User with an Account, where available on the Site or Interface in question, you can also access and correct some of your personal data in the personal space(s) you have created.

If you do not want Guillemot to send you a newsletter, do not select options such as “I agree to receive the newsletter…”. In addition, every communication sent to you by Guillemot offers you the option of unsubscribing from further communications.

If you are not satisfied with our communications, you can file a complaint with the competent supervisory authority*:

Commission Nationale de l’Informatique et des Libertés

3 Place de Fontenoy

TSA 80715

75334 PARIS CEDEX 07

* For United Kingdom residents:

United Kingdom residents who are not happy with our communications can file a complaint with:

The Commissioner

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

United Kingdom

  1. DOES GUILLEMOT COLLECT PERSONAL DATA FROM UNDERAGE USERS?

While we do not deliberately collect personal data from underage Users, it is possible that such Users may access the Site.

The Site and the Interface are not intended for minors under the age of 13; they should not browse the Site or the Interface or provide any personal data. Consequently, Guillemot does not collect personal data relating to minors under the age of 13.

Underage Users aged 13 and over (hereinafter “Teenagers”) may browse the Site provided they do not create an Account (and do not have access to an Account password). Minors are not allowed to access certain Interfaces. Consequently, Guillemot only collects very limited personal data (relating to Teenagers).

Parental consent: Guillemot encourages parents to view the Site and the Interface with their Teenagers (if such access is authorized for Teenagers), monitor their use and help us protect their privacy by teaching them never to provide personal data (last name, email address, postal address, telephone number(s), etc.) without their parents’ authorization. Guillemot is convinced that help from parents is the best way to prevent Teenagers from providing personal data in inappropriate places. Underage Users should not submit personal data to us without the consent of their parent(s) or legal guardian.

Parental access: a parent acting as representative of a Teenager and/or a parent who has granted Guillemot the right to collect a Teenager’s personal data may view, correct, amend, object to the processing of or request the portability of personal data relating to that Teenager.

  1. HOW DOES GUILLEMOT PROTECT MY PERSONAL DATA?

To protect your personal data, Guillemot puts in place appropriate systems designed to protect the security, integrity and privacy of the information provided. The Site and the Interface are equipped with security measures aimed at protecting Users against the loss, misuse and falsification of personal data for which we are responsible. Personal data collected by Guillemot is stored in secure operating environments not accessible to the public (e.g. secure rooms with restricted access). Guillemot uses a firewalled server to protect personal data against unwanted access.

Access to certain areas of and content on the Site and access to the Interface are protected by the same password, which you should not divulge to anyone. Passwords should always be created by an adult and should be neither divulged nor left accessible to minors; your protection and the protection of minors is dependent on compliance with this rule. Guillemot will never ask you for your password by phone, chat, email or SMS text message. You should not divulge your password to anyone. Remember to log out of your Account at the end of each session. If you share a computer with someone else or use a computer in a public place such as a library or internet café, be sure to close your web browser and log out after each session so as to prevent others from accessing your information and personal communications.

Google provides Guillemot with a service that helps safeguard against automated and intensive submission attempts.

Identity data (copies of identity documents) submitted in order to exercise the right to access, correct, object to or restrict the processing of, delete, or request the portability of your data is encrypted.

Furthermore, Guillemot takes appropriate steps to ensure that third parties provide a high level of protection of any personal data they collect or use on our behalf.

The Site and the Interface may contain links to third-party sites. Guillemot cannot be held liable for the privacy protection practices of third-party sites. For more information, you are advised to read third-party sites’ own privacy policies.

There are some things you can do to help protect yourself. Guillemot encourages you to delete any emails we send you once you have read them: that way, even if a third party manages to access your emails, they will not be able to immediately access the content of any emails you have deleted.

By using this Site, you agree to abide by this Policy. Similarly, by using this Interface, you agree to abide by this Policy. If you do not agree to this Policy, you should not use, or should immediately stop using, this Site and any Interface. We reserve the right to amend this Policy without notice. We encourage you to regularly review it to ensure you are aware of any changes. By continuing to use the Site or the Interface, you agree to such changes.

  1. DOES GUILLEMOT USE AUTOMATED DECISION-MAKING?

Guillemot only uses automated decision-making for security purposes, to monitor the reliability of its information systems (and thus the protection of personal data) and to help prevent e-commerce fraud.

In principle, these systems alert one or more competent individuals, who then make decisions as appropriate. Unfortunately, such a process is not always appropriate when decisions must be reached very quickly to ensure security and reliability. For this reason, artificial intelligence is used to ensure the security and reliability of information systems. Depending on the specific situation, the detection of malicious behavior may trigger one or more automated decisions to alert one or more competent individuals and to block processes, apply quarantine measures or take corrective action. Such automated decisions may result in online access to personal data, online correction or deletion of personal data, or the restoration of personal data to a previous state being blocked. While such actions may significantly affect you, in principle they are desirable because they are designed to protect your personal data. Remember that you can always contact our advisors to exercise your rights over your personal data.

When authenticating a payer (to help prevent e-commerce fraud), the payment provider is responsible for analyzing the risk of fraud, notifying Guillemot whether or not the payment is accepted and, if not, explaining why not. If a payment is rejected for a reason such as “Additional verification required”, no automated decision-making is involved (an authorized individual carries out further back-office checks to determine whether or not the payment should be cleared). However, automated decision-making is involved if a payment is rejected for reasons such as “Categorical rejection” (for example, if a bank card is used that has been reported stolen), in which case the associated order is automatically canceled. While such action may significantly affect you, it is also important for us and the legitimate holder of the means of payment in question.

  1. LANGUAGES

In the event of any discrepancy between the French version of this Policy and any version in another language, the French version shall prevail.

  1. USE AND LEGAL NOTICE

The terms of this Privacy Policy are appended to the General Terms and Conditions of Use of our sites and, as the case may be, to the Terms of Use of the Interface, which you are advised to read.

The Site and the Interface are published by Guillemot Corporation S.A. , a company with capital of €11,617,359.60 headquartered at 2 Rue du Chêne Héleuc, 56910 Carentoir, France.

Registered company number: 414 196 758 Vannes

Tel.: +(33) 2 99 08 08 80.

The director of publication for the Site and the Interface is Claude Guillemot.

The official languages that may be used to communicate with the director of publication are French and English.

© 2024 Guillemot Corporation S.A.