Xterio is a data controller when operating our Platform; and a data processor when providing our Site and/or Platform to third-party Game publishers, Game developers, service providers (including but not limited to our third party KYC service provider) and their affiliates or their agents (collectively, “Game Entity” or “ Game Entities”).
Depending on your relationship with us, we collect different types of information about you and your device as you interact with our Services.
Information You Provide to Us
The information you provide to us when you use our Services will depend on which of our Services you use:
We may receive and store information about you and your device(s) automatically when you navigate the Services, which may include:
Please note that for the majority of user transactions on the Xterio Platform, KYC and AML checks are conducted by our KYC provider. You are strongly advised to review our KYC provider‘s privacy terms. Xterio and our KYC provider use a graduated system of KYC and AML which means that the larger the transaction the more documentary verification may be required and collected; verification may be performed by Xterio or by our KYC provider.
We also may receive information about you, your account with the Game developer or Game publisher, your Wallet, other service providers, and/or your device from third-party sources, including:
Either directly or via a third party Game publisher or developer or third party provider, we may collect the following information about Game players:
We also may host, or engage third parties to host, information about you, or manage servers in which your information is stored, on behalf of select third-party partners and service providers in order to allow you to engage in our services. Information we collect through our service providers and business partners may include your name email address and Wallet addresses.
We and our third-party partners may collect information about you and/or your device(s) using cookies, pixel tags, or similar technologies. Where we or our third-party partners do so, this will be in accordance with our cookies policy. Our third-party partners, such as analytics and advertising partners, may use these technologies to collect information about your online activities over time and across different services. Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Site. Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Site, you may not be able to utilize the features of the Site to their fullest potential. There are also online tools available for clearing all cookies left behind by the websites you have visited, such as www.allaboutcookies.org ; and for users in the EEA & UK,https://www.youronlinechoices.eu/. Most advertising networks offer you a way to opt out of Interest Based Advertising. If you would like to find out more information, please visit http://www.aboutads.info/choices/ or http://www.youronlinechoices.com. The information we may collect via cookies may include:
We may use the information we collect or receive about you in different ways including to:
We may share the information we collect about you with the following categories of third parties:
There are a number of different legal grounds for processing personal information. To the extent required by applicable law and depending on how we are using your information, we may rely on the following legal bases for processing your personal information:
Consent: You have given clear consent to process your personal data for a specific purpose. You can choose to withdraw your consent using specific features provided to enable you to withdraw consent, like an email unsubscribe link or your account privacy preferences.
Contract: Processing your data is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.
Legitimate interests: Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. These legitimate interests are:
Our Platform and the Games are not intended for users under the age of 13 and we do not knowingly collect data relating to children under 13.
We make reasonable efforts to protect your information by implementing and maintaining appropriate technical and organizational measures to safeguard the information we maintain. We will retain your personal information until the sooner of (i) the information is no longer necessary to accomplish the purpose for which it was provided, (ii) there is no ongoing business reason to keep the information, or (iii) until you request that your account be deleted. We may retain your information for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations and/or as necessary to protect our legal rights or for certain business requirements.
We may transfer your personal data to our service providers or third parties which may be located outside the European Economic Area (EEA) and the UK, which countries may offer a lower level of data protection than in the EEA and UK. However, before we do so, we will take necessary steps to ensure that your personal data will be given adequate protection as required by relevant data privacy laws. Any personal data transfer from the EEA to third parties outside the EEA and the UK will be based on an adequacy decision or are governed by standard contractual clauses and will take place in accordance with appropriate international data transfer mechanisms and standards. Where we use providers based in the United States, we will check whether the suppliers can host the data within the EU countries. If this is not possible, we ensure that the standard contractual clauses will be in place before transferring any personal data.
You can exercise your rights by sending us an email at firstname.lastname@example.org. You are not required to pay a fee for exercising your rights, and if you make a request, we have 30 days to respond to you. Notwithstanding the foregoing, we may charge a ’reasonable fee’ for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if an individual requests further copies of their data. Also, the time period may be extended by an additional two months if the request is complex or if we receive a number of requests from the same individual. Please note that we may verify your identity before we are able to process any of the requests described in this Section, and in our discretion, deny your request if we are unable to verify your identity.
Under various data protection laws, your rights generally include the following:
We have appointed GRCI Law Limited to act as our UK Representative. If you wish to exercise your rights under the UK General Data Protection Regulation (UK GDPR) or have any queries in relation to your rights or privacy matters generally, please email our UK Representative at email@example.com. Please include the name of our company when contacting our representative.
We also have appointed IT Governance Europe Limited to act as our EU representative. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR), or have any queries in relation to your rights or general privacy matters, please email our EU Representative at firstname.lastname@example.org Please ensure to include our company name in any correspondence you send to our Representative.
If your request or concern is not satisfactorily resolved by us, you may approach your local EU data protection authority: https://edpb.europa.eu/about-edpb/about-edpb/members_en. If you are located in the UK, you can approach the ICO: Information Commissioner’s Office, Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF, Helpline number: 0303 123 1113 ICO, website: https://www.ico.org.uk.
The California Privacy Rights Notice supplements this Policy and applies to California residents (“California Consumer”). This serves as notice under the California Consumer Privacy Act (“Act”) of the categories of personal information we have collected from California Consumers in the past 12 months.
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. YES
C. Protected classification characteristics under California or federal law Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
F. Internet or other similar network activity. Browsing history, search history, information on an individual's interaction with a website, application, or advertisement. YES
G. Geolocation data Physical location or movements. YES
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO
I. Professional or employment-related information, current or past job history or performance evaluations. NO
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
K. Inferences drawn from other personal information. Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. NO
See Section 2 - HOW WE USE THE INFORMATION WE COLLECT for details on why we collect and process personal information.
We obtain the categories of personal information listed above from the following categories of sources:
We may disclose your personal information to a third party for a business purpose and when we do so, we enter into a contract describing the purpose for sharing the data. This contract also requires the recipient party to keep the personal information confidential and not use it for any other purpose except as described by the contract. We disclose your personal information for a business purpose to the following categories of third parties:
In the preceding twelve (12) months, we have not sold any personal information. Data Subject Requests If you are a California consumer, the CCPA provides specific rights regarding your personal information.
You may request that Xterio discloses to you what personal information we have collected, used, and shared, and why we collected, used, or shared that information. Specifically, you may request that we disclose:
You may also request that we provide you a copy of your personal information in a readily portable format. Right to Delete: You have the right to request we delete any of your personal information we collected from you and retained, subject to certain exceptions. Once we receive and confirm your request, we will delete, and direct our service providers to delete, your personal information from our/their records, unless an exception applies.
We will not discriminate against you for exercising any of your CCPA rights.
You can only make two Requests to Know in a 12-month period, and the information provided need only cover the 12-month period prior to receipt of your request. You may submit Requests to Know and Requests to Delete by sending an email to email@example.com.
We will need to verify your identity to respond to Requests. We cannot respond to your request or provide you with personal information if we cannot verify your identity or your authority to make the request and confirm the personal information relates to you. Making a verifiable request does not require you to create an account with us. We will only use personal information provided in a request to verify the requestor's identity and/or authority to make the request.
Please note that once you have submitted a Request to Know or Request to Delete, we will send you a receipt, acknowledging your request, within 10 business days. If, for some reason, you do not receive such a receipt within 10 days of your submitted request, please send us an email to firstname.lastname@example.org as an error may have occurred. We make every effort to respond to Requests to Know and Requests to Delete within 45 calendar days after they are received, but if necessary, we may take up to an additional 45 calendar days to respond to your request. If we require the extra time (up to 90 days), we will inform you of the reason and extension period in writing.
We do not sell your personal information as defined under California and Nevada law and therefore are not required to provide an opt-out.
As a California resident, you have the right to designate an agent to exercise these rights on your behalf. We may require proof that you have designated the authorized agent to act on your behalf and to verify your identity directly with us. Please contact us at email@example.com for more information if you wish to submit a request through an authorized agent.