| PURPOSE: |
We, at Kongregate Inc. (“Kongregate,” the “Company,”
“we” or “us”), are committed to respecting your privacy
and the integrity and security of your personal information. As the data controller of certain of your personal
information, we want you to know how we handle it, how we use it, process it and/or share it, as well as the ways in
which you can protect your own privacy.
Our Privacy Policy explains:
|
| SCOPE: | This Privacy Policy applies to any and all end users of Kongregate’s services (“Services”). Your use of the Services are subject to this Privacy Policy, the Cookie Policy (which is incorporated into the Privacy Policy) and the Terms of Service. Each of www.kongregate.com, www.kartridge.com, and all other sites or online services that are owned or operated by Kongregate currently or in the future is a “Site,” and collectively, the “Sites.” Each mobile game published or operated by Kongregate currently or in the future is an “App,” and collectively, the “Apps,” (and together with the Sites, the “Platform”). Each Kongregate game that can be played through third party platforms, e.g., via consoles, PCs and/or social media sites such as Facebook is a “Third Party Platform Games.” Amendments to Privacy Policy. We reserve the right to change our practices and to amend this Privacy Policy at our discretion and at any time. When any changes are made, we will try to provide reasonable notice and will post the updated version on the Platform. We may also send an email, in-game message or provide notice within some or all of our Services when this Privacy Policy changes. Each time a user accesses our Services, the Platform or Third Party Platform Games, the then current version of the Privacy Policy applies, and you agree that the information we collect will be subject to the Privacy Policy, as updated. We encourage you to check this page regularly so that you know our current practices. General Application Clause The descriptions of how we process your personal data, your rights, and limitations to processing your personal data that are mentioned in this privacy policy apply to you when you use our services. They are based on the rules of the General Data Protection Regulation (“GDPR”), which applies when you reside in the European Union and use our Services. If you do not reside in the European Union and use our Services, the descriptions of this privacy policy may not fully apply to you and other data protection laws might be applicable. If you are a resident of the State of California, please see the Section below titled: Additional Information Regarding California Residents for detailed information according to the California Consumer Privacy Act (“CCPA”). We ask that you read the Privacy Policy carefully and familiarize yourself with its content. Should you have any questions about the changes, you are welcome to contact us at support@kongregate.com. If you do not agree with the changes, then unfortunately, we must ask you to cease using our Platform and/or Services, as we must have all users under the same terms in order to provide equitable Services to all. |
| LAST UPDATED: | May 21, 2024 |
| LAST REVIEWED: | September 7, 2023 |
When you access, connect to, sign up to, participate in, create an account for, make purchases within or otherwise use our Services, we may collect personal data from you. The personal data we collect will depend on the circumstances and the Services you are using. The personal data that we may collect about you and the purposes for which such personal data will be used, as well as the legal basis for such processing are explained in this section.
Visiting our Site. When visiting our Site, our system will automatically collect data and information from the computer system of the terminal device accessing the Site. In this connection the following data will be collected for a limited time period:
Such data will be stored in log files of our system. Such data are needed only to analyze any malfunctions and will be deleted in approximately 30 days. The legal basis for temporarily storing data in log files is Article 6(1)(f) of the General Data Protection Regulation (“GDPR”). Temporary storage of the IP address for the system is necessary for making the Site available to the terminal device of the user. For this purpose, the IP address of the user must be stored for the duration of the session. Data is stored in log files to ensure the functionality of our Site. In addition, such data is used to optimize the Site and to ensure the security of our IT systems. Data will not be analyzed for marketing purposes in this connection, and we will draw no inferences as to your identity. The aforementioned purposes also provide the basis of our legitimate interest in data processing within the meaning of Article 6(1)(f) of GDPR. Collecting data to make available the Site and storing data in log files is necessary for operating the Site. Consequently, users have no right to object to the collection or use of such data for the aforementioned purposes.
Communication via Email and Phone. If you communicate with us via email or telephone, we process all personal data you disclose to us during our conversation (e.g., you name, email address, telephone number, the reason why you are contacting us etc.). If you ask for help from our customer support team, we will collect and store the contact information you give them (generally, your name and email address) as well as information about your game play or activity on our Services, and your Kongregate username and/or social network ID number. Recipients of the processed personal data are our respective internal employees that are responsible for pursuing our purposes for the processing (e.g., someone from a department that you are contacting with a request).
Depending on the specific conversation with you, the personal data can either be processed in order to take steps at your request prior to entering into a contract with us or to perform a contract you have concluded with us. In these cases, the legal basis for processing the personal data is Article 6(1)(b) of GDPR. Also, the processing can be necessary for us to comply with legal documentation obligations. Then, the legal basis for processing the data is Article 6(1)(c) of GDPR. The processing can also be necessary for the purposes of our legitimate interest to respond to mails and calls of yours when you contact us and are not our contractual partner as well as to have proof regarding substantial content of our conversation, including but not limited to cases of potential legal claims on our or your side. We may also store the communications you have with the Customer Support team in order to provide you support and improve the Services. The legal basis for processing the data in those cases is Article 6(1)(f) of GDPR.
The data is stored at least for the time until our contract with you is fully performed. If the data has been stored in order to take steps at your request prior to entering into a contract with us, we will store the data for as long as reasons objectively exist to believe that the respective conversation will be continued within the foreseeable future. Storage may also take place if this has been provided for by legal regulations such as directives, laws or other regulations to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires.
Account Information. When you register for an account (“Account”), we process the following required data of yours: username, email address and whether or not you are a Child. Recipients of the processed personal data are our respective employees that are responsible for processing the data. We process the required data to enter into and perform a contract with you (Account contract) so you can use our Services. The legal basis for processing the data to enter into or perform a contract we concluded with you is Article 6(1)(b) of GDPR. Your Account data is stored for as long as you maintain your Account, which can be closed anytime at your request. To protect your privacy, your Account will be automatically closed and any such associated data automatically deleted after three (3) or four (4) years of inactivity, as further explained in Section 3.
Information You Provide via Apps. You may have the option to link your mobile account to your Sites account in connection with certain Apps. This will allow you to participate in content that crosses between the Sites and Apps, such as Kongregate level, points, and badges. If you choose this linking option, the information we receive via the Sites may also apply to Apps, and vice versa.
Purchases. When you place an order with us through our Platform we will request certain information from you, including, your name, email address, payment card details, billing address and phone number. We use a third party payment processor for this service. This information will be used to process your order, arrange delivery of your order and correspond with you in relation to your order. Recipients of the processed personal data are our respective employees that are responsible for fulfilling our Services. Our legal basis for using your personal data in this way is to perform the contract we enter into with you and to execute the customer service in respect of your order (Article 6(1)(b) of GDPR).
The data is stored at least for the time until our contract with you is fully performed. If the data has been stored in order to take steps at your request prior to entering into a contract with us, we will store the data for as long as reasons objectively exist to believe that the respective conversation will be continued within the foreseeable future. Storage may also take place if this has been provided for by legal regulations such as directives, laws or other regulations to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires.
Online Presence in Social Media. We maintain an online presence on social networks and platforms to communicate with clients, interested parties, and users who are active on those networks, and to be able to inform clients, interested parties, and users of our Services.
Our Site therefore links to the website of Facebook, operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, U.S.A., or, if you reside in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, (“Facebook”). Otherwise, no data is exchanged with Facebook on our Site. For further information how Facebook processes personal data: https://www.facebook.com/about/privacy/update.
Our Site also links to the website of Twitter, operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, U.S.A. or, if you reside in the EU, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland. For further information how twitter processes personal data: https://twitter.com/privacy.
When you access the aforementioned networks or platforms, the terms and conditions and data processing policies of the companies that operate those networks or platforms will apply. Unless otherwise provided in our data privacy policy, we will process data of users if they communicate with us through social networks or platforms, e.g., if they post on our Facebook pages, or send us messages.
User-Generated Social Content. As of January 2022, Kongregate no longer hosts forums or chat rooms. However, if you had posted in a forum prior to January 2022, then your previous posts are still publicly visible. If you had participated in a chat room prior to January 2022, all such chats have been deleted. Any member with an Account may still post game comments, (which are publicly visible), profile shouts and/or direct messages. When you do this, we process your username, date of your post and content of your post. The personal information that you post voluntarily through the Platform may be visible to others.
We process the data to perform a contract with you so you can use our Service. Should you violate our terms of use (e.g., post offensive content) we will save such posts to prove the violation. We have a legitimate interest in making sure that the rules for participating in our forum are followed and toxic behavior of users can be properly sanctioned to ensure a friendly and respectful space for everyone. The legal basis for processing the data to enter into or perform a contract we concluded with you is Article 6(1)(a) of GDPR. The legal basis for processing data based on our legitimate interest is Article 6(1)(f) of GDPR.
The data is stored at least for the duration of the contract with you. If entitlements to claims arise from the contract we store the data for the respective limitation period according to the applicable law. Personal data that is processed based on our legitimate interest, will be stored as long as it is covered by such legitimate interest. The storage period in such cases is determined by the necessity of the establishment, exercise or defense of legal claims (Article 17(3)(e) of GDPR), e.g., to have proof for a defense against unjustified claims within the respective statute of limitations by users who have verifiably violated our terms of use.
Other Information You Provide. We collect the following types of personally identifiable information: your contact information (such as name, postal or email address, or phone number), username and password, purchase history on our Platform, game play preferences (such as an interest in a particular type of game or genre), information you provide by interacting with us through social media, and photographs that you submit on our Platform or through our social media channels. By submitting a photograph, you waive any rights thereto and authorize us to copyright, use and publish the same in print or electronically for any lawful purpose.
Information We Automatically Collect. Kongregate, Kongregate affiliates, and our third-party partners in analytics, user acquisition, and advertising, use technologies such as cookies, beacons, tags, and scripts, to analyze trends, administer the Site, track users’ movements around the Site, and gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual or aggregated basis.
Analytics. When you visit our Platform, we automatically collect the following types of information: information about the devices you use to access the Internet (such as the IP address and the device, browser, and operating system type), URLs that refer you to our Platform and the dates and times of your visits, information on your gaming behavior on our Platform (e.g., page views, paths you take through our Sites, frequency of visits, referring/exit pages), general geographic location information (e.g., country) that shows where you are when browsing our Sites, search terms that you enter to reach our Sites or enter on our Sites to find products, and the fact that you opened one of our emails. We utilize analytics services to help us track the efficacy of our Platform and help us learn more about our users’ behavior.
Information We Receive from Third Parties. As previously noted, you can play Kongregate games through third party consoles or third party social media sites such as Facebook. When you play these Third Party Platform Games, backend system vendors may collect and share your information with us such as player IDs, session information, and purchase data, as well as personal information including email address, gender, and birthday and/or age range. Because such services are offered through a third party, this collection of information is governed by the applicable third party’s privacy policy.
Tailored Advertising. Advertising allows us to provide many free-to-play Services. Third-party advertising companies serve ads on our behalf across the Internet. Such advertising partners have a legitimate interest to collect and profile personal data in the form of IP address and cookie ID from users on our Site in order to provide targeted online advertising and ad measurement.
Cookies. As further described in our Cookie Policy, we automatically collect information through cookies and other similar technologies (e.g., web beacons, pixels, ad tags and device identifiers) to recognize you and/or your device(s). Cookies are small text files stored by your Web browser on your computer, phone, tablet, or other device used to browse our Platform. Cookies allow us to identify and authenticate visitors, track behavior, and enable important site features. We also contract with analytics services and third-party advertising companies to collect similar information for specific purposes. Please note that companies delivering advertisements on our Services may also use cookies or other technologies as described below in the section “Third Party Advertising and User Acquisition Partners” and those practices are subject to those companies’ own policies. You can control cookies through your browser settings and other tools. For more information on cookies, please see our Cookie Policy.
Service Providers. We may use third party service providers to perform services for us such as to provide the infrastructure and IT services (including but not limited to data storage), process credit and debit card transactions, to provide customer services, collect debt analysis and improve data and process customer inquiries and perform other statistical analyzes. In the performance of these services, the third party vendors may have access to your personal data but are only authorized to process it strictly on our behalf and in accordance with our instructions.
Third Party Advertising and User Acquisition Partners. We have advertising on our Services so we can continue to offer many of our Services for free. Subject to your settings, we provide certain information to advertisers who will use them to serve you with ads in our Platform, and we measure who sees and clicks on their ads. We may also use aggregate information to monitor usage of our Services in order to help us improve and develop our Services, and we may provide such aggregate information to third parties, e.g., content partners or advertisers. This aggregate information does not include personal data and cannot be linked to you. When advertisers, ad networks or user acquisition partners place ads in our Services, they may collect or we may share the following types of information from within our Services:
The information collected may be used to:
Advertisers or ad networks may collect this information through the use of tracking technologies like browser cookies and web beacons. After clicking on a third party advertisement, you may no longer be on our Platform. The third party sites are operated by companies that are outside of our control, and your activities at those sites will be governed by the policies and practices of those third parties. We encourage you to review the list of third party advertising and user acquisition partners and their privacy policies before disclosing any personally identifiable information, as we are not responsible for the privacy practices of those sites.
Offer Walls. Our Services may display an “offer wall” that is hosted by an offer wall provider. The offer wall allows third-party advertisers to provide virtual currency to players in exchange for interacting with an advertisement or for completing a marketing offer that may include signing up for an account with one of those advertisers. After clicking on one of these offers, you will no longer be on a site hosted by Kongregate or the social network through which you are playing Kongregate games. To properly credit player accounts and to prevent fraud, a unique identifier, in some cases your Kongregate username/ID, will be shared with the offer wall provider.
Third Party Developers. Most of the games on our Platforms are created by third party developers. These third party developers may request, by using Kongregate’s SDK and APIs, certain publicly visible information about users that play their games, e.g., your username, your user_id (a numeric ID associated with your account that persists even if a username is changed) In order to fix bugs. The legal basis of this processing is Article 6(1)(b) of GDPR.
Third Parties for Security or Other Legitimate Reasons. We may also disclose your personal data to third parties, if we reasonably believe that disclosure of such personal data is necessary:
Corporate Transaction, Reorganization or Bankruptcy. In the event of a change of control, sale of some or all of our business or assets, corporate reorganization or bankruptcy, we would share the pertinent customer information (which may include your personal information) with the other business entity (or entities) involved in the transaction. In such an event, we would notify you via email and/or a prominent notice on our Platform of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information. The legal basis of this processing is Article 6(1)(f) of GDPR.
Legal Compliance. We may disclose information upon governmental request, in response to a court order, or when required by law to do so. The legal basis of this processing is Article 6(1)(c) of GDPR.
In the following you can find information on how long we store personal data in our systems which we have collected from you during your use of our Services. We adhere to a data retention policy that involves the retention of personal data from active users while concurrently deleting the data of inactive users who satisfy the subsequent criteria:
Furthermore, in compliance with legal authorities, we will keep a record of financial transactions in an anonymized form for the period of time required by law.
We strive to maintain the security of your personal information through a variety of security measures. Safeguarding your personal data is a priority for us. Personal data that you provide to us is stored on secure servers, and we use rigorous procedures to protect against loss, misuse, unauthorized access, alteration, disclosure, or destruction of your personal data. Although we work hard to protect your personal data, please note that no system can be guaranteed to be 100% secure. Therefore, while we strive to employ reasonable protections for your information that are appropriate to its sensitivity, we cannot guarantee that our safeguards will prevent every unauthorized attempt to access, use or disclose personal data, and we cannot guarantee or warrant the security of the information you share with us and we cannot be responsible for the theft, destruction, loss or inadvertent disclosure of your information.
It is important for you to protect against unauthorized access to any login or password information, and to your computer or device. To minimize the risk of having your account being compromised, we recommend that you set up your account password using unique numbers, letters and special characters. Do not disclose passwords to others. Please notify us of any password compromises and change passwords periodically to maintain account protection. To learn more about how to protect yourself online, we encourage you to visit the government’s website at www.onguardonline.gov.
Our Services are Not Designed for Children. Our Services, Platform and Third Party Platform Games are generally designed for and directed at people 18 years of age or older. No one under the age of 13 within the United States (or up to the age of 16 for children located in certain European countries)(collectively, “Children”) may provide any personal information to us, and we do not knowingly collect information from Children except in connection with the following Apps which Kongregate has designated as directed to Children (collectively, our “Children-Appealing Games”).
For our limited collection of Children-Appealing Games, we recognize a special obligation to further protect personal information collected from Children. We urge parents to instruct their children to never give out their real names, addresses or phone numbers without permission. Some of the features of our Children-Appealing Games are age-gated so that they are not available for use by Children. When we intend to collect personal information from Children, we take additional steps to protect children’s privacy, including:
For additional information about our practices regarding Children’s personal information, please read our Children’s Privacy Policy.
With the exception of a handful or so of our Children-Appealing Games, Children should not attempt to create an account or send any of your information to us, including your name, address, telephone number or email address. If Kongregate learns that we have collected personal information from Children without verification of parental consent in contravention of these measures, we will terminate access to the account immediately and will take all reasonable measures to delete such information from its databases and to not use such information for any purpose (except where necessary to protect the safety of the child or other as required or allowed by law). If you believe that we might have any information from or about Children, please contact us at support@kongregate.com.
Right to Remove Posted Information — California Minors. If you are under 18 years of age, reside in California, and have a registered account on the Platform, or through the Third Party Platform Games, you have the right to request removal of unwanted information that you publicly post on the Platform, or through the Third Party Platform Games. To request removal of such information, you can contact Kongregate using the email address associated with your account at support@kongregate.com stating that you reside in California. Upon receiving such a request, Kongregate will make sure that the information is not publicly available on our Platform, or through our Third Party Platform Games.
We understand that you may at times need further information from us regarding your personal data and how it is processed or that you may wish to update or correct the personal data you have provided us with. Your rights under GDPR include the following:
Please submit a request using this form in respect of your rights. We will use commercially reasonable efforts to respond to your request within 30 days of receiving such request. If we cannot honor your request within the 30-day period, we will let you know the reasons why and when we expect to be able to fulfill your request.
If our processing of your personal data is based on your consent, you have the right to withdraw such consent at any time (this will however not affect the processing based on your consent before its withdrawal) by using this form or by updating the settings in our Services (where applicable).
Opting Out of Social Media Platform. If you wish to edit or manage the information Kongregate receives from a social media platform, you need to follow the applicable instructions at the specific social media site. For example, Facebook’s relevant policy in this regard can be found here. Please note that once Kongregate receives any personal information from a social media site as a result of a user playing Third Party Platform Games, it will be stored and handled in accordance with this Privacy Policy.
The collection and storing of the data can at any time be disabled with effect for the future as follows:
Opting Out of Third Party Tailored Advertising. If you are interested in more information about tailored advertising and your choices to prevent third parties from delivering tailored web and mobile web advertising you may visit the following websites:
Please note this does not opt you out of being served ads. While you do have choices to limit personalized ads that are tailored to your interests, you may receive generic ads. These opt-out tools are not provided by Kongregate but provided by third parties.
IMPORTANT INFORMATION FOR EUROPEAN USERS: When you use our Services, your data may be sent to the United States and possibly other countries.
The personal data that we collect from you may be transferred to and stored at a destination outside the European Economic Area (“EEA”) and Switzerland, including at destinations that are not subject to a decision by the European Commission establishing an adequate level of protection of personal data. Currently, our servers are in the United States. Your personal data can be shared with other companies owned by our parent company, processed by staff working for us or for one of our suppliers, or shared with certain third parties who may be located outside the EEA and Switzerland. We will take all reasonable necessary steps, including entering into data processing agreements using standard contractual clauses, to ensure that your personal data is treated securely and in accordance with this Privacy Policy and have adopted appropriate safeguards to protect it.
Kongregate is the 'Controller' in line with GDPR and other applicable data protection laws. You can contact our Data Protection Officer at:
Kongregate Inc.
1600 Rio Grande Street
Austin, TX 78701
Email: privacy@konregate.com
For questions or concerns regarding the Privacy Policy or the use of personal information you submit to us, please contact us at:
Kongregate Inc.
10680 Treena Street, Suite 155
San Diego, CA 92131
Email: support@kongregate.com
To exercise any of your privacy rights, please visit our Data Subject Rights Request Form available here. Through this form, you can specify the nature of your request and provide any information necessary to help us process your request efficiently.
Please note that we may need to verify your identity before processing your request to ensure the security of your data. The processing time for requests may vary depending on the complexity and nature of the request but we aim to respond within one month of receiving a verified request.
We use the following user acquisition and advertising partners, that are integrated into our Platform. Please check the following privacy policies to learn more about their privacy practices, including how you may exercise your data subject rights.
This list was last updated on July 12, 2023.
If you are an EU resident, we rely on certain safeguards when sharing your personal data with a recipient established outside of the EEA/EU.
Some vendors with which we share your personal data are established outside of the European Union. Principally, there are two possible safeguards we can rely on when we share your personal data with these recipients:
The chart below details which categories of Personal Information about California residents we plan to collect, as well as which categories of Personal Information we have collected and disclosed for our operational business purposes in the preceding 12 months. We obtain the categories of personal information listed above from the following categories of sources:
We may disclose your Personal Information to a third party for a business purpose. “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular you as consumer or a household. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
| Categories of Personal Information | Disclosed to Which Categories of Third Parties for Operational Business Purposes | Retention Period |
| Personal information as defined in the California customer records law, such as name, contact information and government-issued ID | Affiliates, service providers, business partners in case of contest, sweepstakes, and promotion, legal authorities | Annual deletion of user accounts that have not engaged in any form of login activity over the course of at least three consecutive years. |
| Commercial Information, such as transaction information and purchase history | Affiliates, service providers, business partners in case of contest, sweepstakes, and promotion, legal authorities | Annual deletion of user accounts that have not engaged in any form of login activity over the course of at least three consecutive years. |
| Internet or network activity information, such as interactions with our online properties | Affiliates, service providers, business partners in case of contest, sweepstakes, and promotion, legal authorities | Annual deletion of user accounts that have not engaged in any form of login activity over the course of at least three consecutive years. |
| Identifiers, such as username, contact information, IP address and other online identifiers | Affiliates, service providers, business partners in case of contest, sweepstakes, and promotion, legal authorities | Annual deletion of user accounts that have not engaged in any form of login activity over the course of at least three consecutive years. |
| Geolocation Data, such as approximate location derived from IP address | Affiliates, service providers, business partners in case of contest, sweepstakes, and promotion, legal authorities | Annual deletion of user accounts that have not engaged in any form of login activity over the course of at least three consecutive years. |
We may use or disclose the personal information we collect for one or more of the following business purposes:
We do not “sell” and have not “sold” Personal Information for purposes of the CCPA in the last 12 months.
We do not process Sensitive Personal Information of yours. Sensitive personal information includes personal data that discloses:
If you are a resident of California, you have the following rights:
If the GDPR applies when you use our Services, you have certain rights which you can find listed below. If the GDPR does not apply when you use our Services (e.g., you reside in the USA), these rights do not necessarily apply.
To make a request for the disclosures or deletion described above, please contact us at privacy@kongregate.com or use this form. You may only make a verifiable consumer request for access or data portability twice within a 12-month period.
| Request type | Quantity | Stage | Status |
| Deletion Request | 1682 | Complete | Completed request |
| Deletion Request | 5363 | Incomplete | Incomplete due to: Incomplete/partial data, Request for more information, Failed to verify identity |
| Access Request | 130 | Complete | Completed request |
| Access Request | 619 | Incomplete | Incomplete due to: Incomplete/partial data, Request for more information, Failed to verify identity |