Last updated July 27, 2022
Our Privacy Commitment
Protecting personal information online is one of the core values of the Entertainment Software Rating Board (“ESRB”). As a trusted privacy seal provider since 2001, we are committed to respecting the privacy rights of our online visitors and recognize the importance of protecting all information that you may choose to share with us. To further this commitment, we have adopted this Online Privacy Policy (“Privacy Policy”) to be transparent about how we collect, maintain, use, and share the information you provide us through our websites, esrb.org and esrbrating.org (the “Websites”).
Chart of Online Information Practices
A complete chart of the information we may collect from you through the Websites, how we collect it, the reason we collect it, how long we keep it, and whether we share it with third parties is provided in the following chart:
Info Collected | Manner of and Reason for Collection | Lawful Basis for Collection | Retention Period | Disclosure to Third Parties |
Webinar Sign-Up | ||||
Email and first name | If you sign up for one of our webinars, you are asked to input your email address and first name. We use this information to contact you about the webinar and to make the webinar available to you. With your permission, we will also use this information to sign you up for our email updates. | You voluntarily provide us this info, and we process it consistent with our legitimate interests. | Unless you provide permission for us to use this information to send you email updates, we keep this information only until the webinar for which you signed up and delete it shortly thereafter. If, however, you provide permission for us to use this information to send you email updates, we keep this information unless and until you unsubscribe from the updates. | Our email updates are powered by third-party Mailchimp®. To review Mailchimp®’s privacy practices, please see the “Privacy for Contacts” section of its privacy policy.
Email addresses collected beginning November 17, 2020 are shared with third-party social platforms Facebook, Instagram, Twitter, YouTube, and LinkedIn so they can serve you with content that we socialize on their platforms. Except as identified above and absent any legal obligation to do so, we will not share this info with any other third parties. |
Email Update Sign-up | ||||
Email and first name | You can input your email address to sign up for updates from us. When you sign up for updates, you also have the option of providing us with your first name. | You voluntarily provide us this info, and we process it consistent with our legitimate interests. | We keep this info unless and until you unsubscribe from the updates. | Our email updates are powered by third-party Mailchimp®. To review Mailchimp®’s privacy practices, please see the “Privacy for Contacts” section of its privacy policy.
Email addresses collected beginning November 17, 2020 are shared with third-party social platforms Facebook, Instagram, Twitter, YouTube, and LinkedIn so they can serve you with content that we socialize on their platforms. Except as identified above and absent any legal obligation to do so, we will not share this info with any other third parties. |
Online Contact Forms | ||||
Name (first and last); email address; and country | If you would like to send us a question, comment or complaint, we require you to provide this information to us so that we can reach back out to you if necessary. We will also require you to confirm you have read and agree to this Privacy Policy before we will let you submit your info. | You voluntarily provide us this info, and we process it consistent with our legitimate commercial interests. | We keep this info for the longer of 12 months or until we have adequately addressed your inquiry or complaint. If you submit a valid complaint to ESRB Privacy Certified, all records pertaining to the complaint are maintained for 3 years by statute. | Unless we have a legal obligation to do so or it is necessary to address your question or complaint, we will not share this info with any third parties, except our service providers and processors. |
Submissions by Rating Customers | ||||
Company; contact name; company contact info (address; phone number; email address) | You are required to provide this info when you create an account to submit a computer or video game or mobile app to be rated. | You voluntarily provide us this info, and we process it consistent with our legitimate commercial interests and contractual requirements. | We maintain a permanent record of all info we receive in connection with a rating. | Unless we have a legal obligation to do so, we will not share this info with any third parties, except potentially service providers and processors. |
Credit Card Info (credit card number, cardholder name, expiration, CVV, and billing info) | You have the option of paying for our rating service with a credit card, in which case we would need to collect this info from you. | You voluntarily provide us this info, and we process it consistent with our legitimate commercial interests and contractual requirements. | We retain the cardholder’s name, the card number, and the expiration date for operational purposes. | This info is shared with ESRB’s merchant services provider to process payment. |
Tracking Technologies | ||||
For info about the use of tracking technologies, including cookies and pixels on our Websites and email updates, please click here. |
- What information does this Privacy Policy cover?
- How do we define personal information?
- How do we handle personal information of children?
- What information do we collect on the Websites?
- Are tracking technologies and cookies used to collect information?
- How is your information used?
- When do we share your information?
- What kinds of security measures do we take to safeguard your personal information?
- How can you review, update, or delete your personal information?
- What are your California Privacy Rights?
- Where is data stored and how is it safeguarded?
- How can you ask questions, or send us comments, about this Privacy Policy?
- How will you know if we amend this Privacy Policy?
This Privacy Policy applies only to information collected on or after the Last Updated date of this Privacy Policy and only to information collected on the Websites. It does not apply to any other information collected by ESRB through any other means, including information that may be collected by ESRB offline. Nor does it apply to ESRB’s mobile application or any other websites or online services maintained by ESRB or by any of ESRB’s international affiliates. Finally, this Privacy Policy does not apply to any websites or other online services maintained by other companies or organizations to which ESRB links. ESRB is therefore not responsible for the content or activities provided on those websites or other online services. We encourage you to review the privacy policies of all third-parties and exercise caution in connection with them.
We define personal information as information related to an identified or identifiable natural person. For purposes of our Websites, this will include information we can use to identify or contact you (such as your name, address, telephone number, and email address), account numbers (such as your credit card number), and unique technical information (such as your IP address).
The Websites are for adults and businesses only.
Parents, we take the privacy of children seriously, and we encourage you to take an active role in protecting your children’s privacy and online experiences at all times. ESRB complies with the Children’s Online Privacy Protection Act (“COPPA”), a U.S. law designed to protect users under the age of 13 online, and relevant state laws in the U.S. If you believe that we may have unintentionally collected personal information from your child, please contact us utilizing the contact information below. If we confirm we have collected personal information from a child under the age of 16, we will delete that information from our systems.
For ease of reference, a complete chart of the information collected on the Websites is provided above. Below we further explain what we collect, how we collect it, the reasons we collect it, how long we keep it, and whether we share it with third parties. We also explain how and why information is collected by third parties utilizing cookies and pixels.
Personal and Demographic Information You Provide to Us
We only collect personal and demographic information that you provide to us. Specifically, through the Websites, you can provide us with the following personal and/or demographic information:
- Webinars: If you choose to sign up for one of our webinars, you will be required to provide us with your email address and first name.
- Email Updates: If you choose to sign up for email updates from us, you will be required to provide us with your email address and you will have the option to also provide us your first name.
- User Inquiries, Comments and Complaints: You may use our online contact form to send us questions, comments and complaints. The online contact form will require you to provide us with your name; email address; your country; and information regarding your question, comment or complaint. You may also tell us if you are a parent. You will be required to confirm that you agree to this Privacy Policy before submitting this information.
- Rating Customers: If you are a video game or app publisher and would like to submit a video game or app to be rated by ESRB, you will be required to provide us with the name of your company, first and last name of the primary contact person at the company, title (optional), email address, telephone number, fax number (optional), street or postal address, credit card information (optional), and information about the game or app you would like rated.
Cookies
We use Google Analytics to provide web analytics data about how our Websites are used, including to identify the website that linked you to our Websites. To provide this information, Google Analytics places a cookie on your web browser. We have configured Google Analytics so that none of the information it collects consists of or is linked to personal information belonging to you.
Moreover, videos appearing on the Websites are hosted by YouTube, which enables third-party cookies and ad tags from DoubleClick (Google) the moment a user visits one of the Websites. Google may use these cookies and tags to track you on the Websites and across other sites. For additional information about Google’s privacy practices, please see: https://policies.google.com/technologies/ads. To manage your YouTube-related privacy settings, please see https://www.youtube.com/account_privacy. To manage Google ads, please see https://support.google.com/ads/answer/2662922?hl=en. To opt-out of Google Analytics, please see https://support.google.com/analytics/answer/181881?hl=en.
We use cookies by Facebook and Twitter, which Facebook and Twitter use to serve targeted ads, including to serve you content we socialize on their platforms. For more information about these cookies, including options to opt-out, please see https://www.facebook.com/policies/cookies/ for Facebook and https://help.twitter.com/en/rules-and-policies/twitter-cookies for Twitter.
We use cookies by OptinMonster to help us to manage our webinar campaigns. For additional information about these cookies, please see https://optinmonster.com/gdpr/cookies/.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You can do this through the settings in your browser (e.g., Google Chrome, Microsoft Edge or Mozilla Firefox). Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies. If you turn cookies off, some of the features of the Websites might not function properly.
You can also use opt-out options provided by the Digital Advertising Alliance (available at https://optout.aboutads.info/?c=2&lang=EN#!%2F) and the Network Advertising Initiative (available at https://optout.networkadvertising.org/?c=1#!%2F).
Pixels
A pixel is a piece of code installed on a website. Our Websites have Facebook, Instagram, Twitter, YouTube, and LinkedIn (“Third-Party Social Platforms”) pixels installed, which the Third-Party Social Platforms use to serve targeted ads, including to serve you content we socialize on their platforms. The Third-Party Social Platforms collect various information about you through the pixels, including information about your activity on our Websites (e.g., what pages you access and the links you click) and, if you signed-up for our email updates on or after November 17, 2020, your email address. For our use, the Third-Party Social Platforms use this information to provide us with targeted audiences to serve our ads and to serve the content we socialize on their platforms to you. However, ESRB does not receive any personal data from the Third-Party Social Platforms about you or the target audience.
To learn more about the Third-Party Social Platforms’ privacy policies, please click here for Twitter, here for Facebook, here for Instagram, here and here for YouTube, and here for LinkedIn. To learn how to opt out of the collection of this information for targeted advertising, please visit http://www.aboutads.info/choices or http://www.youronlinechoices.eu/.
Our email updates are powered by third-party Mailchimp®. Mailchimp® utilizes pixels in the emails it powers to track how you interact with the emails we send you, including whether you receive an email, whether you open and read it, and if you click on any of the links within the email. To review Mailchimp®’s privacy practices, please see the “Privacy for Contacts” section of its privacy policy.
Do Not Track (DNT) Disclosure
Your browser may allow you to set a “do not track” (DNT) signal indicating that you do not wish your online activity to be tracked. Currently, we do not honor DNT signal headers that we may receive. The choices we provide you concerning collection and use of your personal information operate as described in this Privacy Policy.
Social Links
The Websites also include links to ESRB’s Facebook and Twitter pages and gives you the ability to share content from the Websites on Facebook, Twitter or LinkedIn. If you click on these links, you will leave the Websites. This Privacy Policy does not apply to any third-party sites. Those sites are subject to Facebook’s, Twitter’s and LinkedIn’s, respective, privacy policies. Please review them carefully.
We may use your information for various operational purposes. For example, we may use your information to send you administrative communications about the Websites. In addition, as discussed further below, we may utilize your information to send you email updates; address your inquiries, comments or complaints; or fulfill requests to rate a game or app.
Webinars
We use the information we collect when you sign up for one of our webinars (i.e., your email address and first name) to contact you about the webinar and to make the webinar available to you. Your email address will also be collected by the Third-Party Social Platforms through their pixels on our Websites. For more information, please review the information we provide on Pixels in the preceding section.
In addition, if you provide permission, your information will be used to send you email updates. Please see below for information on our email updates.
Email Updates
Our email updates are powered by third-party Mailchimp®. To review Mailchimp®’s privacy practices, please see the “Privacy for Contacts” section of its privacy policy. If you choose to sign up, we will utilize your email address and, if provided, first name, to send you email updates. If you signed-up for our email updates on or after November 17, 2020, your email address will also be collected by the Third-Party Social Platforms through their pixels on our Websites. For more information, please review the information we provide on Pixels in the preceding section.
You voluntarily provide us with this information, and we process it consistent with our legitimate interests. If you prefer not to disclose the information, you will still be able to utilize the Websites, but you will not be able to sign up for email updates.
We retain this information unless and until you unsubscribe from our email updates, or you otherwise contact us to request that we delete this information.
User Inquiries, Comments and Complaints
If you contact us using one of our online contact forms to submit a question, comment or complaint, we utilize the information you provide us to best address your complaint or inquiry. For example, if you submit a complaint about a video game retailer, we contact that retailer on your behalf to attempt to resolve your complaint. If you contact us with an inquiry or complaint regarding a rating assigned to a video game or app, we will either do our best to address your inquiry or complaint ourselves (if you are in North America), or we will advise you of the organization best suited to do so (if you are outside North America).
You voluntarily provide us with this information, and we process it consistent with our legitimate interests. If you prefer not to disclose the information, you will still be able to utilize the Websites, but you will not be able to submit a complaint, make an inquiry, or otherwise contact us through the Websites.
Except as set forth in the next sentence or in the unusual circumstance when additional time is needed to adequately address your inquiry or complaint, we will delete your email after 12 months. If your complaint is directed at ESRB Privacy Certified and concerns a member of the Privacy Certified program’s failure to abide by the Privacy Certified program requirements, your email and any other documents relating to your complaint will be retained for 3 years by statute.
Rating Customers
Sections of the Websites are dedicated to ESRB’s business function of rating computer and video games and online apps. If you are a video game or app publisher and you submit a video game or app to be rated by ESRB, we utilize the personal and business information you provide us to rate the video game or app you submit to us, to maintain a historical record of the rating, and to obtain payment for our rating services.
We consider this to be a legitimate commercial interest that justifies our collection of your information. Moreover, our collection may be necessitated by our contractual obligations to provide and track ratings, all of which is in the public’s interest. However, the decision whether to provide the information to us, belongs to you. If you prefer not to disclose the information, you will still be able to utilize the Websites, but you will not be able to submit a game or app for rating.
We maintain the information obtained in connection with a rating, including the personal and business information you provide us, in a database. Because our rating of a game or app does not expire, we maintain this information indefinitely, meaning we will not delete it.
We maintain credit card information only as long as necessary to satisfy its operational purpose.
As set forth below, whether and when we share your information depends on the type of information.
Webinars
Your email address will also be collected by the Third-Party Social Platforms through their pixels on our Websites.
Unless we have a legal obligation to do so or it is necessary to address your complaint, we will not share the information we collect from you when you sign up for one of our webinars with any third parties, except our service providers and processors and as described above.
Email Updates
Our email updates are powered by third-party Mailchimp®. To review Mailchimp®’s privacy practices, please see the “Privacy for Contacts” section of its privacy policy.
If you sign-up for our email updates on or after November 17, 2020, your email address will also be collected by the Third-Party Social Platforms through their pixels on our Websites. For more information, please review the information we provide on Pixels above.
Except as described above, or unless we have a legal obligation to do so or it is necessary to address your complaint, we will not share the information we collect to provide you email updates with any other third parties.
User Inquiries, Comments and Complaints
Unless we have a legal obligation to do so or it is necessary to address your question or complaint, we will not share this information with any third parties, except our service providers and processors.
Rating Customers
We do not share with any third parties the personal information you provide us when you create a publisher account to submit a video game or app to be rated by ESRB, except as otherwise provided in this Privacy Policy or if you choose to pay for our service by credit card through one of the Websites. If you choose to pay for our rating service by credit card through one of the Websites, your credit card and billing information is securely sent to our merchant services provider to process payment. Our merchant services vendor is required to maintain the confidentiality of your credit card information and is prohibited from using it for any other purpose.
Aggregate Information
We may take your personal information and make it non-personally identifiable, either by combining it with information about other individuals (aggregating your information with information about other individuals) or by removing characteristics (such as your name) that make the information personally identifiable to you (anonymizing your information). Given the nature of this information, no restrictions apply under this Privacy Policy on our right to aggregate or anonymize your personal information, and we may use and share the anonymized information in any way with third parties.
Mergers, Acquisitions, etc.
If we sell or otherwise transfer part or the whole of ESRB or our assets to another organization (e.g., in the course of a transaction like a merger, acquisition, bankruptcy, dissolution, liquidation), your personal information and any other information collected through our Websites may be among the items sold or transferred. The buyer or transferee will be required to honor the commitments we have made in this Privacy Policy.
Disclosures Required By Law and Disclosures to Help Protect the Security and Safety of Our Websites and Others
We may also be required to disclose, and may disclose, personal information (a) in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements; (b) to comply with applicable laws and regulatory requirements; (c) to respond to lawful requests, court orders and legal process; and (d) to protect the rights, property, or personal safety of ESRB, users, or the public.
The security and confidentiality of your information is extremely important to us. We use robust security measures to protect user information from loss, misuse and alteration. We use industry-standard practices such as encrypted communications, physically secured rooms, firewalls, and password protection systems to safeguard the confidentiality of your personal information. Despite our best efforts, no security measure is ever perfect or impenetrable. If we learn that your unencrypted personal information has been compromised by a data breach, we will notify you consistent with applicable laws.
You may have the right to access, update, and request the deletion of information you have previously provided to us; request a portable copy of your personal information; or object to our processing of your personal information, which you may do by emailing us at [email protected]. However, if your personal information is being maintained pursuant to a contractual or other legal obligation, we may not be required to honor your request.
California Civil Code § 1798.83 permits users of our Websites who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. If you are a California resident and you have questions about how your information may have been shared, you may contact us at:
ESRB
PO Box 4584
New York, NY 10163-4584
ATTN: VP, Privacy Certified
[email protected]
The Websites are hosted by WPEngine, Inc. (“WPEngine”) on servers that may be located outside your home country, including within the United States. WPEngine is certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (“Privacy Shield”) as set forth by the U.S. Department of Commerce. To learn more about Privacy Shield, and to view WPEngine’s certification, please visit https://www.privacyshield.gov/. While Privacy Shield is no longer a valid lawful basis on which companies may rely to transfer personal data from the European Union to the United States, WPEngine also implements additional contractual safeguards. For more information about WPEngine’s practices, please click here.
Likewise, Mailchimp®, the third party that powers our email updates; Google/YouTube, Facebook, Instagram, LinkedIn, and Twitter, which track usage of our Websites and provide targeted content to our email subscribers; and Microsoft, which hosts some of the data on its cloud servers, utilize standard data protection clauses and other safeguards when transferring personal information out of the European Union. For more information, please click here for Mailchimp®, here for Google, here for Facebook, here for Instagram, here for Twitter, here for LinkedIn, and here for Microsoft.
If you have questions or wish to send us comments about this Privacy Policy, or the processing of your personal information, please contact us at:
ESRB
PO Box 4584
New York, NY 10163-4584
ATTN: Privacy Certified
Via email: [email protected]
Or our EU Representative at:
Adaptant Solutions AG
Rosenheimer Str. 139
81671 Munich
Germany
Via email: [email protected]
Via online contact form: https://www.adaptant.io/contacts-locations/
Or our UK Representative at:
Adaptant Solutions Ltd.
Kemp House, 160 City Road
London EC1V 2NX
United Kingdom
Via email: [email protected]
Via online contact form: https://www.adaptant.io/contacts-locations/
We may amend this Privacy Policy at any time. If we make any material changes in the way we collect, use, or disclose your personal information, we will notify you by prominently posting notice of the changes on the Websites. If we make any material changes to this Privacy Policy that retroactively impact the way in which we use or disclose personal information already collected from you, we will attempt to notify you by email and seek your consent to those changes.