Revision date: June ______, 2024

Preamble

Maintaining your privacy is important for the Asmodee Group. 

This Policy on personal data protection forms an integral part of the General Conditions of Use. The definitions contained in the latter document therefore similarly apply to this Policy.

The purpose of the Policy is to notify visitors (i.e. anyone simply viewing the Products and Services offered online), Users (i.e. anyone registered to the site) (collectively hereafter referred to as “You”) of the website www.starwarsunlimited.com (hereafter the “Site”) about the process employed by Asmodee North America, Inc., a Minnesota corporation having its registered office at 1995 County Road B2 West, Roseville, MN 55113 (hereafter “ANA”, “us” or “we”), a subsidiary of the Asmodee Group, for the processing of your personal data (hereafter “Personal Data” or “Data”), including the rights You enjoy in this regard.

ANA complies with all applicable laws in order to protect your privacy, including the CCPA (California Consumer Privacy Act), the GDPR (General Data Protection Regulation of the EU) and the UK GDPR (General data Protection Regulation of the UK), where such legislation applies to You.

If You are not in agreement with the Policy and practices set out below, You may decide not to use our Site.

MAIN FEATURES OF THE POLICY

Information collected

We collect information about You whenever You use the Site or interact with us.

In addition to the information declared by You (e.g. when creating an account, when playing our games or if You subscribe to our loyalty, tournaments, or other programs), certain information is automatically collected, generated or deduced by our systems (e.g. Your logon data).

We invite you to keep us regularly informed in writing of any change in your contact details.

Utilization

We use this information to provide You with the Services and Products requested on our Site.               
This information also enables us to gain a better understanding of your preferences and to send You customized offers about our Products and Services, subject to obtaining your consent whenever required.

Recipients

The information will be forwarded to our service providers whenever necessary to provide You with the requested Product or Service, and/or to any of our affiliated companies.

Transfer

Data may be transferred outside the EU due to the organizational structure or physical location of certain of our service providers (hosting companies, payment or security service providers, etc.).

For further information, please click here.

Your options and rights

In order to exercise your rights of Data access and rectification, or to find out about the other rights You enjoy under data protection legislation, please click here.

Contact us

For any questions or complaints You may have in relation to the Policy, please use the following contact addresses:               
- Via e-mail:  unlimited@fantasyflightgames.com               
- Via post: 1995 County Road B2 West, Roseville, MN 55113               
 

Definitions

The following terms used in the Policy in either their singular or plural form have the following definitions:

Temporary Storage: means transfer of Personal Data which is of administrative significance to us (e.g. in the case of a dispute and/or legal obligation) to a logically or physically separate database and, in all circumstances, subject to restricted access. Such storage represents an intermediate stage prior to the deletion or anonymization of the Personal Data in question;

Account: means the unique account accessible on the website asmodee.net via the User’s personal and confidential login data, which may not be communicated to any third party;

Personal Data: means any information about or which identifies a given person, including information designated as “personally identifiable information” or “personal information” under any applicable data confidentiality law or regulation.

Applicable Law: means all applicable laws, regulations and other requirements. This includes the General Data Protection Regulation (Regulation (EU) 2016/679, or GDPR), the equivalent requirements in the UK, including the 2018 UK General Data Protection Regulation (UK GDPR) and the California Consumer Privacy Act (CCPA).

Asmodee Group: means 

• The company Financière Amuse BidCo, the parent company of the Asmodee Group, having its registered office at 18, rue Jacqueline Auriol, 78280 Guyancourt, France;
• All companies and other entities directly or indirectly controlled by Financière Amuse BidCo, a list of which is regularly updated and made available on our corporate website;

Platform: means the platform accessible from the Site;

Policy: means this privacy policy;

Product: means the physical products marketed on the Asmodee Platform and via its Partners' Applications, notably games;

Service: means any service offered on the Platform, including access to chat rooms and/or newsgroups and discussion areas where Users may exchange information, access online games, online tournaments, locate stores, register cards, and create content (avatars, game scenarios, stories, suggestions, comments, etc.);

User or You: means the natural person whose minimum age is defined in local legislation, who is browsing on the Platform from their Terminal and whose Personal Data processing is governed by the Policy. Where the User is below the required age, they guarantee to have obtained parental consent for the processing of their Personal Data;

Terminal: means the hardware (computer, tablet, smartphone, phone, etc.) employed by the User in order to use the Platform or Products.

Scope

 ANA, is the data controller of your Personal Data.

Useful information!               
You are probably unaware that, when You log in to your AsmoConnect account from our Site or subscribe to our newsletter, your Personal Data is processed by Asmodee Digital, where each party acts as data controller for its own legitimate purposes. In summary:

• We process your Data for all the purposes described below;
• Asmodee Digital processes your Data for marketing purposes and to provide You with the benefits of unique authentication.

Third parties wishing to know your main interests to constitute similar audiences and target prospects that match your profile. In the context of this specific data processing, ANA is not the Data Controller relating to prospecting and you will not be subject to prospecting, your data is only used to constitute profiles similar to yours. 

Minimum age

Maintaining the security and privacy of children is very important to us. We neither deliberately collect nor exploit the Personal Data of persons below the minimum age defined in local legislation (e.g. 15 in France), unless with the consent of the child and the holder of parental authority.

You therefore also confirm to have reached the minimum age when You provide us with your Personal Data in relation to your utilization of our Products and Services. If You are under below the minimum age, You must request permission from your parent or legal guardian to provide us with your Personal Data. To this end, please contact us as specified in the section below entitled “Contact and complaints”. 

What Personal Data do we collect?

Personal Data given to us by You directly

We collect the following Personal Data:

• Identification data, such as your gender, surname, user name, first name, pseudonym, date of birth, internal customer identifier and, as applicable, ID number. Certain Data, such as your pseudonym, are made public to enable the community to locate You within our Services.
• Login data such as your e-mail address in order to create an account and to connect You to your account, your country of residence and postcode.
• Data relating to the profile You have created (avatar, gender, preferred colour, languages spoken and game preferences). 
• Data communicated by You to us when playing our online games: your profile information, games and game statistics. 
• Data about communicated content (notably via chat rooms, discussion areas, posts on forums, messages, contact forms and other Site functionalities).
• Data about your help requests. 
• Data about your behaviour and reputation: game levels attained, prizes, classifications, game missions conducted, statistics such as game time and data relating to bugs and malfunctions. 
• Data voluntarily forwarded by You to us in order to receive our newsletter, to benefit from early access to our games, to use our development tools (Beta Test), to participate in competitions or when You contact us via Customer Services. 
• Data when You register for a competition: surname, first name, user name and e-mail and postal addresses.
• Your dietary requirements for tournaments where we provide meals.
• Any other information about the provision of our Services and in order to satisfy your requirements.
• AsmoConnect username, ID, and email address

We do not collect any “sensitive” Personal Data within the meaning of applicable laws on Personal Data protection, notably Data about your state of health or which may reveal your claimed racial or ethnic origin, your political opinions, your religious or philosophical beliefs or your membership of a trade union.

Personal Data collected by us automatically 

Every time You visit our Site, we automatically collect (with your consent, as and when required) certain Personal Data or Data relating to your computer or other device, through the utilisation of cookies. Such information notably includes: 

• The IP address automatically assigned to your computer when You use the internet; 
• The type of web browser You use; 
• The type of operating system You use to access the Site; 
• The domain name of your internet service provider; 
• Your originating webpage; 
• Your country of residence and language; 
• The pages and options You visit and which You access on our Site, including the time spent on such pages; 
• Your gaming experience, duration, times of use, tryouts, progression, results and saved preferences.

Whenever You access, visit and/or use the Site, we may therefore monitor your visit and collect certain Data about your use of the Products and Services and your activity on the Site. For further information about our use of cookies, please refer to our Cookies Policy by clicking HERE.

Personal Data we collect from third parties 

In certain cases, we may also receive your Personal Data from service providers and other third parties relating to your use of our games or your interaction with us on third-party game platforms (Discord, Twitch, etc.), or via the consoles of Sony, Microsoft, Nintendo and Google. Such Data may include your user name or device identifier, your e-mail address, country, language, list of friends, date of birth and certain preferences, and the fact that You have made a purchase, as applicable, but excluding all financial information.

You may further purchase, download or access certain of our games via services exploited by third parties. In any such case, the party in question may provide us with information to facilitate your access to and utilization of our games. In general terms, this includes information such as your display name, user id and information about the device and region. For example, You may decide to download and play our games on game consoles (e.g. PlayStation®, Microsoft Xbox and Nintendo Switch) via your game console account. In any such case, the company operating the platform or service may share certain information with us, which notably helps us to enhance your gaming experience and to monitor your progression.

What use do we make of the information collected and for how long will it be retained?

In accordance with applicable data protection laws, we only collect Personal Data if we have a legal basis for such action.

Personal Data is collected on the basis of:

• Pre-contractual measures or for the purpose of contract execution; or
• Your consent; or
• Our legitimate interests; or
• Enabling us to comply with our legal obligations.
• Provide users of the site a more integrated experience between their AsmoConnect account, their StarWarsUnlimited.com account, and their participation at Star Wars: Unlimited Organized Play events

We draw your attention to the fact that certain Data may be retained for periods longer than those stated below in order to enable us to meet our legal obligations, to defend our rights should any action for liability be taken against us or to exercise our judicial rights. In any such case, your Personal Data will be stored and retained for the period specified in applicable regulations or for the applicable period of statutory limitation.

Once your Personal Data is no longer required, we will ensure that it is deleted or anonymized.

Where processing is based on our legitimate interests, we will take into account all potential effects that exploitation of your Data could have on You. Where we believe your interests or fundamental rights and freedoms prevail over our legitimate interests, we will not use your Personal Data on this basis and will ask for your specific consent.

We do not use Personal Data for any purpose incompatible with the reason for it originally having been collected, unless subsequently approved by You.

For Data processing performed via cookies and trackers, please refer to our cookies policy HERE.

With whom do we share your Personal Data?

We communicate your information, including if possible in a form that does not allow a direct identification, to:

Recipients internal to the Asmodee Group

• Authorized personnel from the marketing department, departments responsible for customer relations and sales development, the administration and legal departments, the logistics and IT departments and their line managers; 
• Other Asmodee Group companies acting as processors according to our instructions and solely on our behalf, or as joint controllers to provide you with the same personalized service worldwide.

User data from signing in is collected and transmitted to (Asmodee Digital) an internal recipient.

External recipients

• The authorized personnel of our service providers, including third parties in charge of managing our communications and alerts, third parties who assist us in the organization of our events, third parties providing IT services including hosting the platform, digital communication and public relations agencies;
• Social networks (lnstagram, Facebook, Twitter and TikTok) may also establish the “whys” and “hows” for utilization of your Personal Data. They have their own privacy and cookies policies. Accordingly, bear in mind that the Personal Data transmitted by You to such networks is subject to their rules, not ours;
• To the public: during your communications; 
• Your Data on forums and blogs; 
•  With console and platform partners  (e.g. to enhance the gaming experience when You access our games or services via a third-party console supplier);
• To a subcontractor for tournament management 

Please note that these third-party partners may act as data controllers; in such cases, they have their own privacy policies. 

These third parties include:

• Third parties in the event of a change of control, for legal reasons, or with your prior consent
• Third parties or other Asmodee entities wishing to know your main interests to constitute similar audiences and target prospects that match your profile. In the context of this specific data processing, ANA is not the Data Controller relating to prospecting and you will not be subject to prospecting, your data is only used to constitute profiles similar to yours

Please note that this list is not exhaustive and there may be other circumstances in which we share your Data with third parties, provided it is in the legitimate interests of Asmodee, or permitted under applicable laws or is necessary to enable us to comply with our legal obligations.

In this context, your Personal Data may be transferred outside the European Economic Area (EEA) to countries that do not provide the same level of protection as that provided within the EEA, such as China and Canada. In the absence of a decision of adequacy being issued by the European Commission, any such transfer of your Personal Data will be governed by standard contractual clauses adopted by the European Commission. You may contact us in order to obtain a copy, although certain details may be omitted for confidentiality reasons.

Note for Quebec Residents and California Residents: We do not share or sell your data to third parties for separate commercial purposes. However, the meaning of “sale” and “share” under the California Privacy Rights Act (CPRA) is broad and may include sharing information with third parties through cookies and other trackers that we use for performance purposes, targeted advertisements, and social media purposes, as described above. Information disclosed to such third parties includes basic identification information, device information and other unique identifiers, internet activity, and commercial data. ANA uses cookies and other trackers, for purposes defined in our cookies policy. 

You have the right to accept or reject all cookies except strictly necessary cookies (this option will opt you out of all “sales” and “sharing” as defined by CPRA for cross-context behavioral or targeted advertising and of “profiling” cookies as defined in Quebec). To opt-out of all or selected cookies, please visit Your Privacy Choices / Cookies.

Is any Personal Data transferred outside the European Union?

We conduct our business worldwide and may transfer your Personal Data to other companies of the Asmodee Group or to partners in any geographical location. We want You to enjoy the best possible service and customer experience, whether online or in person, wherever You may be located in the world. Consequently, we may share your Personal Data with partners located outside the country in which You shared such Data with us for the first time. In any such case, we will always act in compliance with the purposes set out in this Privacy Policy.  

In addition to establishing this Policy, the Asmodee Group also implements appropriate measures to ensure that your Personal Data is securely transferred to an Asmodee entity or external recipient located in a country offering a different level of protection to that of the country in which your Personal Data is collected. Where the recipient is located in a country where the legislation has not been covered by an adequacy decision issued by the European Union, we will ensure that the transfer is governed by standard contractual clauses of the European Commission which guarantee an adequate level of protection of privacy and fundamental personal rights, or equivalent guarantees, and/or appropriate technical and organisational measures.

How do we protect your Personal Data?

The security of your Personal Data is very important to us. The Personal Data collected on our Site is processed in line with secure protocols which considerably limit the risks of Data being intercepted or accessed by third parties. 

We notably use a range of protection technologies, such as encryption, authentication and fraud detection systems in order to protect your online account and payment transactions.

Covered by written commitments, we ensure that service providers and data controllers provide guarantees and implement adequate security measures in order to protect the Personal Data entrusted to them for processing, in accordance with applicable personal data protection law.

Due to the open nature of the internet, however, we are unable to exclude the possibility of piracy or unauthorised access by third parties. You accept these risks by continuing to use our Site. Within the limits of what is permitted under applicable laws, we reject all liability for any direct or indirect damage or loss You may suffer, or costs You may incur, due to any unauthorised access, loss or corruption of your Personal Data, including as a result of negligence.

Password security: We take all necessary measures to ensure that the password associated with your Account is stored securely (encryption via a strong and single flow direction algorithm).

However, password security also depends on its form. In order to be valid, we remind You that your password must be sufficiently complex and difficult to guess, even by someone who knows You well. When creating your AsmoConnect account via the internet, we offer You a password quality analysis tool and ask You to follow its recommendations.

What rights do You enjoy over your Personal Data?

Depending on your applicable data protection legislation, You may enjoy one or more of the following rights which may be exercised by You personally or by a legal representative acting on your behalf. We undertake to protect your rights and enable You to exercise them as You may deem fit.

As a resident within the European Economic Area or in the UK, You enjoy the following rights over your Personal Data:

• You may exercise your rights over your Personal Data at any time, i.e.: 
• Obtain information about the processing of your Data; 
• Demand access to your Personal Data, subject to not compromising the rights and freedoms of any other party; 
• Demand deletion of your Personal Data. However, this right may be subject to restrictions if there is a legal reason or if we have a legitimate interest in the retention of your personal data;
• Demand rectification of your Personal Data (e.g. if it requires updating or is inaccurate); 
• Withdraw consent for the processing of your Personal Data or restrict the scope of its processing; 
• Demand portability of your Personal Data; 
• In France and where required by local Law, you have the choice of how we should handle Your Personal Data after your death.

We encourage individuals who have entrusted their data to us to keep it current (such as if you change your email address, address or phone number), so that we have your correct information on file. 

Where processing is based on your consent (for example, newsletter subscriptions), you may withdraw your consent at any time without justification. You can exercise this right by changing your newsletter subscription options by clicking on the hyperlink provided for this purpose in each email we send.

For individuals seeking access to their data, we also require authentication to ensure that we are not providing personal data to an unauthorized person. 

See below for additional protections provided for those individuals in particular regions.

Right to submit a complaint to a supervisory authority:

We inform You of your right to submit a complaint to a competent supervisory authority in relation to the processing of your Personal Data. 

In France, the personal data protection authority is Commission Nationale de l'Informatique et des Libertés – CNIL

3 Place de Fontenoy          
TSA 80715 – 75334 Paris, Cedex 07          
Tel. +33 1 53 73 22 22          
Fax +33 1 53 73 22 00          
Website: http://www.cnil.fr/

 We would also like to inform you of the contact details of other authorities in Europe, which you can find and contact on the website of the European Data Protection Committee: https://edpb.europa.eu/about-edpb/board/members_fr

UNITED STATES CONSUMER PRIVACY RIGHTS

While ANA applies the GDPR benchmark globally, there are specific privacy laws in the U.S., including California’s CCPA, as amended by the CPRA, and certain similar consumer privacy laws in other states. To this effect, ANAcomplies with rights of consumers regarding the personal data that we collect and hold about them.  Those rights vary by region, and by state within the U.S.

Your California Privacy Rights:

California residents have certain additional rights in relation to their personal data, subject to certain exceptions. For example, as a Client of ANA and a resident, you may have the right to:

Transparency. Businesses that collect personal data subject to the California CCPA and CPRA or the laws of certain other States, have a responsibility to provide you with notice regarding the categories of personal data to be collected (see “WHAT Personal data do we collect?” above), the purposes for which the categories of personal data are collected or used (see “What use do we make of the information collected ?” above), whether that information is sold or shared (see “WITH  whom do we share your data?” above), and the length of time we intend to retain each category of personal data, or if that is not possible, the criteria used to determine that period (see “FOR HOW LONG will it be retained?” above), among other information.

Access the categories and specific pieces of personal data we have collected about you, the categories of sources from which the personal data is collected, the business purpose for collecting the personal data, and the categories of third parties with whom ANA shares personal data.

Limit the use and disclosure of sensitive personal data. Although this is a right in California, because ANA do not use sensitive personal data to provide products and services, we do not, and are not required to, offer this right.

Correct inaccurate or obsolete personal data that We may maintain.

Delete the personal data under certain circumstances.

Opt-out of the sale or sharing of personal data. We may be considered to sell or share the personal data of California residents in the context of transferring information to third parties for use in analytics and targeted advertising, as described in the “WHO may access your data?” section above, through the use of cookies and other trackers. California residents can contact us by using one of the contact methods below, or you may accept or reject all cookies except strictly necessary cookies (this option will opt you out of all “sales” and “sharing” as defined by CPRA for cross-context behavioral or targeted advertising) by visiting Your Privacy Choices / Cookies.

California’s Shine the Light Law:

California Civil Code Section 1798.83, also known as "Shine The Light" law, permits California residents to annually request information regarding the disclosure of your personal data (if any) to third parties for the third parties’ direct marketing purposes in the preceding calendar year. We do not share personal data with third parties for the third parties’ direct marketing purposes.

CANADA CONSUMER PRIVACY RIGHTS

While ANA applies the GDPR benchmark globally, there are specific privacy laws in Canada, including the Quebec Act, and certain similar consumer privacy laws at the federal and provincial levels. To this effect, ANA complies with rights of consumers regarding the personal data that we collect and hold about them.  Those rights vary by province.

Your Quebec Privacy Rights:

 Transparency. Upon request, ANA shall inform the individual of:

• The personal information collected from the individual;
• The categories of individuals who have access to the information within the organization;
• How long the information will be retained;
• The contact information for the Privacy Officer.

Access. With certain exceptions, individuals have the right to be informed of their personal information held by a company and, if necessary, to request that it be corrected. To access your personal information, you must send a written request to Asmodee’s Privacy Officer.

Correction and Erasure.  When you are informed of the existence in a file or record of inaccurate, incomplete or equivocal information about you, or if its collection, communication or retention is not authorized by law, you may make a request for its correction or erasure.

Deindexation. Individuals can ask organizations to stop posting their personal information or to de-index any hyperlinks to their name that provide access to information if such posting causes harm to the individual or contravenes a law or court order (right to erasure or to be forgotten).

Portability. The right to portability allows an individual to obtain access to computerized personal information that he or she has provided to an organization, for example, when creating an account online, in a structured and commonly used technological format. An individual may request access to his or her personal information for his or her own use, including for the purpose of retaining the information in a private storage space or disclosing it to a third party of his or her choice. At the request of the individual, the information may also be disclosed to any person or organization authorized by law to collect it.

Assistance. Asmodee has delegated the internal management and oversight of its privacy program to its Privacy Officer. It is the Privacy Officer who approves and implements privacy policies and procedures, ensures their proper functioning and reports to Asmodee’s senior management on the effectiveness of the program.

The Privacy Officer is also responsible for providing you with the necessary support in the event of a privacy-related question, complaint or request. For more information, please consult the "Contact us" section.

Exercise of your rights:

We have appointed a Data Protection Officer.

The contact details of the Data Protection Officer are as follows:

Name: Ms Laurence Gardias         
E-mail address: dataprivacy@asmodee.com         
Tel: 01 76 21 80 20

In order to exercise your rights in line with the conditions set out above and should Asmodee have any doubts regarding the person issuing the request, Asmodee may ask You to substantiate your identity by stating your surname, first name and e-mail address and by accompanying your request with a copy of an official identity document, such as an identity card or passport. In any such case, a black and white copy of the front side or photo page of one of these documents will suffice.

Either in writing or via power of attorney, You may designate an agent authorised to issue requests on your behalf for the exercise of your rights under the CCPA. Before accepting any such request from an agent, we will require the agent to provide proof of You having authorised them to act on your behalf and may require You to substantiate your identity directly with us.

A response will be issued within one (1) month of receiving any such request.

If required, this period may be extended to two (2) months by Asmodee subject to providing You with notification, depending on the complexity and/or the number of requests.

In the case of a request for the erasure of your Personal Data and/or in the event of You exercising your right to demand the deletion of your Personal Data, Asmodee may retain such Data in Temporary Storage for a period enabling it to meet its legal obligations or for evidentiary purposes during the applicable period of statutory limitation.

Revision of the Policy

We may occasionally update the Policy. We will notify You of any such change by amending the date placed at the very start of the Policy and, in certain cases, we may issue other forms of notification (e.g. by publishing a declaration on our Site homepage or by sending You an e-mail). We encourage You to consult the Privacy Policy whenever You interact with us in order to be kept informed about our personal data protection practices and about the methods at your disposal for controlling how your Personal Data is used and in order to protect your privacy.