Last update: 13 December 2023
This Privacy Policy (hereinafter the “Policy“) illustrates the commitments of DON’T NOD ENTERTAINMENT S.A. (hereinafter “DNE” or “we“), in its capacity as the controller (hereinafter the “Controller“), in terms of obtaining, using and protecting the personal data collected when an individual (hereinafter “you) uses our services and/or products (hereinafter referred to collectively as the “Services“).
This Policy may be modified or amended at any time. If applicable, any changes will become effective as of the date set forth at the top of this Policy, which corresponds to the date of their notification. We would advise you to review this Policy whenever you use our Services to keep informed of the information practices that we have implemented and the means available for protecting your privacy. Therefore, by continuing to use our Services after this date, you indicate your unconditional and unreserved acceptance of the changes made. If you do not agree with certain changes made to this Policy, you must refrain from using our Services.
In any case, you acknowledge that by accessing and/or using our Services, you warrant that you have understood and accepted the provisions stipulated in this Policy by checking the box provided if applicable or by any other mechanism that DNE has implemented for this particular purpose.
For the purposes of this Policy, the terms “supervisory authorities“, “consent“, “recipients (of the personal data)“, “personal data“, “data subjects“, “Controller” and “process/processing (of personal data)” will have the same meaning as set forth in Articles 4 and 51 of Regulation (EU) 2016/679 of 27 April 2016.
Note that the term “data” means the first-party and/or second-party personal data that DNE is authorised to process. First-party data refer to the “proprietary” data that DNE has collected directly in its capacity as the Controller. Second-party data refer to data belonging to data subjects that have essentially been acquired from a partner that has agreed to share such data with DNE.
1. General information – Principles relating to the processing of your data
DON’T NOD ENTERTAINMENT S.A. is a limited company organised under the laws of France, incorporated in the Paris Register of Companies under number 504 161 902, and whose registered office is located at 11 rue de Cambrai, Parc du Pont de Flandre, Immeuble “le Beauvaisis”, 75019 Paris, France.
DNE processes your personal data as the Controller. You can contact us by email at privacy@dont-nod.com, or by post to the abovementioned address.
The aim of this Policy is to inform you of our practices for collecting, using and protecting the personal data that you are required to provide us when using our Services.
Our Services are not intended for minors without permission from a parent or legal guardian. We are committed to ensuring compliance with this principle at all times on account of its fundamental importance for our company.
Note that the minimum age required to use our Services is 16 years, or the minimum age specified by applicable legislation for collecting and processing minors’ data. If we have inadvertently collected personal data belonging to children under the age of 16 years without permission from a parent or legal guardian, the said parent or legal guardian may contact DNE, as the Controller of the personal data, to request the immediate deletion of the data collected (refer to Sections 7 and 8 herein).
It is vitally important for you to read this Policy as well as any other privacy policies relating to the collection and processing of your personal data that we might send you when using our Services, so that you are perfectly aware of how and why we are using your data.
Irrespective of the intended activity, we agree to only collect the personal data as required to pursue the company’s legitimate interests or respond to any of your requests as efficiently as possible.
We collect personal data solely in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, effective as of 25 May 2018 (the “General Data Protection Regulation”, hereinafter the “GDPR“), and the French Data Protection Act no. 78/17 of 6 January 1978, as amended in June 2018 and by the regulation of 29 May 2019.
In addition, DNE is committed to applying the principles of proportionality and data minimisation (A), fairness and transparency (B), and privacy by design (C) when collecting personal data.
- Principles of proportionality and data minimisation
The personal data collected will be used exclusively to pursue the purposes defined in this Policy.
For each processing operation performed, DNE also agrees to only collect and process the data that are strictly required to perform the aim pursued.
- Principles of fairness and transparency
As part of its determination to ensure fairness and transparency towards the people using its Services, DNE takes care to inform the data subjects of each processing operation implemented by adding information notices directly to the data collection interfaces.
Data are collected in a fair manner; data will not be collected without the data subjects’ knowledge, without notifying them accordingly and without obtaining their consent, as necessary.
- Principle of privacy by design
DNE agrees to take and implement measures to protect users’ privacy and data confidentiality by default, and when designing the project aimed at providing the Services.
This principle is especially important to DNE when choosing its technical providers and selecting the mechanisms for collecting your personal data.
2. Processing of your personal data
We collect two types of data about our users, namely “identifying data” which we class as personal data, and “non-identifying data”.
“Personal data” means any information relating to an identified or identifiable natural person, whether directly or indirectly, in particular by reference to an identifier (such as a name or location data) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Non-identifying data do not contain any information for identifying the natural person and are therefore anonymous.
In addition, we generally collect data in three ways: (a) you voluntarily provide the information, such as by signing up for our newsletter, (b) we automatically collect certain data as part of your use of the Services or by means of cookies, and (c) third parties (such as games console platforms and social media) may provide us with such data.
- Personal data processing when using the Services
Depending on the Services that you use, all the processing procedures implemented by DNE are listed in the following table.
| Services | Data subjects | Categories of personal data | Purposes | Legal grounds | Storage period |
| “Contact” feature on the website | • The person using the website wishes to send a message to DNE via the website | • Email • Any other data that you wish to send us | • Fulfil your request | • Your consent | • Time required to fulfil your request |
| “Newsletter” feature on the website | • The person using the website wishes to sign up for DNE’s newsletter | • Add the user to the list of recipients for DNE’s newsletter | • Your consent | • Term for which the Service is provided | |
| “Share content” feature on the website | • The person using the website wishes to share content with DNE | • Identifying data • Email • Any other data that you wish to send us | • Fulfil your request • Publish the shared content | • Your consent | • Time required to fulfil your request • Ten (10) years when posting your content |
| Application with SmartRecruitersTM | • Unsolicited application or in response to a DNE job vacancy | • Surname • First name • Email • Home address • Telephone number • Various data relating to your work experience • URL addresses of your presence on social media • Any other data that you wish to send us | • Carry out the recruitment process • Contact you at a later data concerning another job vacancy | • Your consent | • Two (2) years from receiving your consent |
| Betas and playtests | • Gamers | • Identifying data • Contact details | • Register and organise the test phases, and process the results of your experience | • Your consent | • Duration of the game’s development period + three (3) years |
| Statistical analyses | • Gamers • Website users | • Identifying and login data • Contact details • Consumer habits and everyday practices • Service usage data | • Analyse how the Services and website are used for the purpose of improving their performance | • Your consent | • Three (3) years from receiving your consent |
| Promotional campaigns (games and competitions) | • Participants | • Identifying data • Contact details • Any other data required to take part in the promotional campaign | • Register, organise and monitor the promotional campaign | • Your consent | • Duration of the promotional campaign + two (2) years |
| Fulfilment of requests to exercise rights | • Any person submitting a request | • Identifying data received (copy of an ID card) • Contact details | • Fulfil the request | • Legal obligation | • Time required to fulfil your request |
| Requests from supervisory authorities and other authorised third parties | • Any person concerned by the request | • Any data concerned by the request | • Respond to the request | • Legal obligation | • Time required to fulfil the request |
| Requests sent on ZendeskTM | • Any person submitting a request | • Identifying data • Email • Any other data that you wish to send us | • Respond to the request | • Your consent | • 6 months |
| Data collect through our partner Gamesight | People buying our games | •IP address •API version •User id •Time datas •API Key •OS •Screen resolution •Time zone •System language •In-game event | •Monitor & measure the impact of our marketing campaigns | • Your consent | Time necessary to anonymize the data |
| Data collect through our partner PlayfabTM | • People buying our games (players) | • Authentication data (name, connection history, etc.) • Identification numbers (IP, etc.) • Location data • Device identification (platform) | • Game Improvement | • Your consent | • Duration necessary to anonymize the data (2 years maximum) |
- Cookies
Cookies are small files that are installed on your computer or device when you visit a website. They are widely used to allow websites to function properly or improve their performance. They enable websites to recognise your device and save your navigation information.
On the website, you can refuse cookies by clicking on the “Reject All” tab provided (in the banner that is displayed when connecting to the website). You can also configure which cookies you want to accept and which cookies you would rather refuse by clicking on the “Cookie settings” tab provided.
Furthermore, DNE allows for the insertion of pixels from third-party social media, so that we can analyse the performance of our media campaigns over such platforms as Facebook™, Twitter™ and YouTube™. Any subsequent processing activities that these platforms might carry out on your data will be governed by the privacy and cookie policies of each platform / social media site concerned.
We use the following cookies:
| Name | Storage location | Purpose | Storage period |
| Necessary cookies | On the website | Display the Services, ensure that the Services are available and make sure that the website functions correctly | • Six (6) months from receiving your consent |
| Security cookies | On the website | Ensure an appropriate level of security for the website and Services | • Six (6) months from receiving your consent |
| Preference cookies | On the website | Memorise the browser preferences, language and country | • Six (6) months from receiving your consent |
| Cookies storing your choices about installing cookies | On the website | Justify your consent to store cookies | • Six (6) months from receiving your consent |
| Google Analytics™ | On the website | Generate website traffic and/or performance statistics exclusively on our behalf for managing, improving and enhancing the user experience | • Six (6) months from receiving your consent |
| Google Ads™ | On the website | Analyse the effectiveness of an advertising campaign, avoid repeatedly displaying the same ad on third-party sites, and show ads matching your centres of interest | • Six (6) months from receiving your consent |
| Facebook™ | On the website | Analyse the effectiveness of an advertising campaign, and show ads matching your centres of interest | • Six (6) months from receiving your consent |
| Twitter™ | On the website | Analyse the effectiveness of an advertising campaign | • Six (6) months from receiving your consent |
| YouTube™ | On the website | Save your playback preferences for YouTube videos | • Six (6) months from receiving your consent |
| HotjarTM | On the website | Understand our users’ needs and to optimize the service and experience (device’s IP address, device screen size, device type, browser information, geographic location and the preferred language). | • The data is anonymized |
| Gamesight | On the website | Monitor & measure the impact of our marketing campaigns (anonymized data : IP adress, API version, User id, Time datas, API Key, OS, Screen resolution, Time zone, System language, In-game event) | • The data is anonymized |
All browsers allow you to configure, block or delete cookies:
- Internet Explorer™: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies ;
- Safari™: https://support.apple.com/safari
- Chrome™: https://support.google.com/chrome/answer/95647?hl=en-GB&hlrm=en
- Firefox™: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Opera™: https://help.opera.com/en/latest/web-preferences/#cookies
You can find out more about cookies and how to manage them by visiting the website of the French data protection authority (CNIL) at www.cnil.fr/en/home.
3. How we share your data
The personal data that we collect and the personal data that are gathered at a later stage are intended for our company as the Controller.
We ensure that only authorised people working at DNE are able to access such data. Our providers may be recipients of the personal data when they have been appointed to carry out services on our behalf. Lastly, some personal data may be transferred to legally empowered third parties or supervisory authorities for the purpose of fulfilling our statutory, regulatory or contractual obligations.
When sharing your information with our technical providers, we agree to bind those providers with the terms and conditions of this Policy and generally with their legal obligations inherent in their capacity as processors. DNE requires its processors to provide contractual safeguards in relation to the security and confidentiality of the personal data using appropriate human and technical resources to protect such data.
Where data disclosure is required by law or deemed necessary to protect the security of our website, we reserve the right to disclose any collected data without any particular limitation of time. We will ensure that such disclosure remains within the framework authorised or required by law.
In any case, you acknowledge that you have an important role to play in protecting your personal data when using our Services. Generally, we would advise you to exercise the utmost caution when transferring your personal data to third parties or sharing your personal data in public and private online groups. To the extent permitted by applicable legislation, we disclaim any and all liability for our technical providers and other processors. Similarly, we may in no way be held liable in cases where you are proven to have instigated the data transfer in question.
Lastly, DNE will not transfer any personal data outside the European Union unless it has implemented the appropriate legal security measures to guarantee the security of your data.
4. How we ensure the security of your data
Maintaining the security and confidentiality of your personal data is one of our top priorities. That is why we have implemented a number of technical, administrative and physical measures that are consistent with the type of data that we process and the risks inherent in the different processing activities, with the aim of maintaining data security and preventing such data from being disclosed, deformed, damaged, destroyed, used for unlawful or unauthorised purposes, or accessed by unauthorised third parties. We also use our best efforts to ensure that access to personal data is restricted to only those employees or processors with a legitimate interest to know such data for the purposes of performing their duties.
We also carry out occasional inspections into our own security protocols to take the necessary measures to address any new or innovative technologies and methods. Nevertheless, despite the extent of our initiatives and the measures implemented, you acknowledge that no security protocol is perfect, infallible or impenetrable.
5. Withdrawal of your consent
We endeavour to provide you with a significant number of choices in terms of the personal data that you share with us and the way in which we are likely to use those data.
Even after you have shared your data with us, you are free to withdraw your consent at any time. Simply write to us at privacy@dont-nod.com and put “Delete my personal data in the subject line. Also provide your full name and email address.
If you ask to delete your personal data, you are reminded that we will be required to terminate your use of the Services.
As far as cookies are concerned and as specified in Section 2 of this Policy, you can change your browser settings or take other measures to manage or delete cookies. By changing your browser settings, you can choose to be notified when a cookie is installed or you can reject all cookies. In some cases, blocking or disabling cookies may prevent our Services from working properly, and some features might be unavailable.
6. Your rights
In accordance with the GDPR and subject to proving their identity, any natural person concerned has the right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, and right to object to the processing of their personal data. You also have the right to lodge a complaint with a supervisory authority.
When you wish to receive information about the processing operations on your personal data, you will receive confirmation as to whether or not your personal data are being processed and, where that is the case, you will have the right of access to your personal data and the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipient, as well as the organisations to which the personal data have been or will be disclosed; (d) where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the Controller rectification or erasure of your personal data or restriction of processing of your personal data, or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) the existence of automated decision-making, including profiling, and in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subjects.
Nevertheless, if you wish to exercise your right to be informed, we might not be required to comply with the request where: (a) you already possess the information; (b) the recording or disclosure of your personal data is expressly laid down by law; (c) the provision of information proves to be impossible; (d) the provision of information would involve a disproportionate effort; (e) our investigations reveal that DNE is not processing any of your personal data.
- Your right to access and rectify your data
You have the right to access and rectify your personal data. You can exercise this right by writing to us by email or post as specified in Section 11 “How to contact us” in this Policy. The request must be unambiguous, and we would advise you to put “Access my data” / “rectify my data” in the subject line, while providing valid proof of your identity.
- Your right to erase your data – Your right to object
You can ask us to delete your personal data where one of the following grounds applies: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) you withdraw the consent that you have previously given; (c) you object to the processing of your personal data where there are no legitimate grounds for the processing; (d) your personal data have been processed other than in accordance with applicable legislation and regulations.
Nonetheless and in pursuance of the provisions in Section 6 “Withdrawal of your consent“, DNE may terminate your use of the Services after erasing your personal data.
Finally, you will not be allowed to exercise this right where storage of your personal data is a statutory or regulatory requirement, and especially for the establishment, exercise or defence of legal claims.
- Your right to restriction of processing
You can ask to restrict the processing of your personal data where one of the following applies: (a) you contest the accuracy of your personal data; (b) you believe that the processing of your data is unlawful and you oppose the erasure of your personal data, and you request the restriction of their use instead; (c) we no longer need your personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; (d) you have objected to processing pursuant to Article 21(1) of the GDPR.
We will then restrict the processing of your personal data, unless there are legitimate grounds that override your right.
In pursuance of the provisions in Section 6 “Withdrawal of your consent“, DNE may terminate your use of the Services after erasing your personal data.
- Your right to the portability of your personal data
You have the right to the portability of your personal data. The data on which this right may be exercised include: (a) only your personal data, which excludes anonymised personal data or data that do not concern you; (b) self-reported personal data and operational personal data; (c) personal data that do not adversely affect the rights or freedoms of others, including trade secrets.
This right is restricted to processing activities based on consent or a contract, as well as the personal data that you have personally generated. This right does not include derived or inferred data, which are personal data created by DNE.
- Your right to transmit instructions about the storage and disclosure of your data after your death
Where DNE carries out automated processing operations on your personal data, you have the right to decide what will happen to your data after your death and provide us with instructions accordingly to: (a) delete your data, or (b) transfer your data to a trusted third party.
- Your right to lodge a complaint with a supervisory authority
The competent supervisory authority for dealing with complaints or any requests concerning the processing activities organised by DNE is the French data protection authority (Commission Nationale de l’Informatique et des Libertés, hereinafter “CNIL“). If you wish to refer any requests to CNIL, the contact details are provided below:
CNIL (COMMISSION NATIONALE DE L’INFORMATIQUE ET DES LIBERTÉS)
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
Tel: +33 (0)1 53 73 22 22 (Monday to Thursday from 9 am to 6:30 pm / Friday from 9 am to 6 pm)
Fax: +33 (0)1 53 73 22 00
Website: https://www.cnil.fr/en/home
If you wish to lodge a complaint with CNIL, you can complete the online complaint form at the following address: https://www.cnil.fr/fr/plaintes.
7. How to exercise your rights
All the foregoing rights can be exercised by sending an email to privacy@dont-nod.com or by post at the following address: DON’T NOD ENTERTAINMENT S.A., 11 rue de Cambrai, Parc du Pont de Flandre, Immeuble “le Beauvaisis”, 75019 Paris, France. Make sure that you specify the subject of your request and include any supporting evidence to prove your identity.
8. Data storage period
DNE will only retain your personal data for as long as necessary to pursue the aforementioned purposes of processing and in accordance with applicable legislation.
For every processing activity implemented by DNE, the period is indicated in Section 2 of this Policy.
However, DNE may archive some types of data for longer periods (with restricted access) where justified, such as to fulfil its legal obligations and/or protect our rights, especially on commercial, civil, tax and litigation matters.
9. Links pointing to other sites
This Policy only concerns our practices for collecting, using and protecting your personal data when using our Services. Any other websites that may be accessible from our website have their own privacy policies, which we would advise you to read. We disclaim any and all liability for the content, activities and potential collection of information arising from your use of other websites whose links might be available on our website.
10. How to contact us
For any questions relating to this Policy, you can contact us by email at privacy@dont-nod.com or by post at the following address: DON’T NOD ENTERTAINMENT S.A., 11 rue de Cambrai, Parc du Pont de Flandre, Immeuble “le Beauvaisis”, 75019 Paris, France.
For all intents and purposes, the data sent to the email address and postal address above will not be used to send you marketing content.
11. Governing law
The use of our Services, the personal data processing activities performed by DNE and this Policy will be governed by and construed in accordance with French law, unless prohibited by an international convention or law.
Don’t Nod Entertainment © 2022 – All rights reserved.