Darktide Privacy Notice
Darktide Privacy Notice
The following Privacy Policy has been established for Fatshark AB on 2021-04-30 and changed on 2022-09-15.
Last updated: November 2024
Please scroll down for English Global version
Please click here for USA version
Please click here for Italian version
Please click here for French version
Please click here for German version
Please click here for Spanish (Spain) version
Please click here for Polish version
Please click here for Portuguese (Brasil) version
Please click here for Russian version
Please click here for Simplified Chinese version
Please click here for the Japanese version
Please click here for Korean version
Please click here for Traditional Chinese version
Introduction – What is this notice for?
This privacy notice (this “notice”) is about how we use personal information about you called “personal data” when you’re playing Warhammer 40,000: Darktide (the “game”).
Who are we?
We are Fatshark AB (“we” or “us” in the rest of this notice). We are located at Rosenlundsgatan 29C, 118 63 Stockholm (Sweden) and you can find our contact details here.
We make decisions about how and why we use your personal data when you use the game.
The means we’re what’s called a “data controller” of this personal data.
What is personal data and why is it important?
Personal data is any information which identifies you (like your name, nickname, and email address). It is also information which can be pieced together with other information to identify you like your age, gender, or the technical IDs given to your phone/laptop (these IDs are sometimes known as “online identifiers”); and the interactions of you and your character in the game from which it’s possible to work out things about you, such as mission time, item acquisition rates, inventory amounts, avatar characteristics and choices (“gameplay data”).
It’s important to know what we do with your personal data, because you should be able to control what happens to it. By reading and understanding this notice, you will know how we collect, use, share, and protect your personal data, and how you can ask us to use it differently.
How do we collect your personal data?
Sometimes you give us your personal data directly - for example, when you are filling in your account setup form or contacting our customer support teams. The information that you are asked to provide and the reasons why you are asked to provide it will be made clear to you at the point we request it. Providing us with this information is voluntary, but if you choose not to provide it you may not be able to access the game or certain aspects of the game.
Sometimes we also collect information about you automatically when you are playing the game. Where this information can be linked back to you, it will be personal data. This information includes your IP address, geographic location information using IP information and event data related to updates to your account information.
When are we allowed to use your personal data?
We are only legally allowed to use your personal data where a legal basis allows us to do so. These are the legal bases which could apply:
- Legal Basis: “Contract”
We need to carry out or sign up to a contract
When does this Legal Basis apply?
When it’s necessary to use your personal data to perform a contract with you, or because you have asked us to do something before signing a contract with you that requires the processing of your personal data.
- Legal Basis: “Legitimate Interest”
It’s in our or someone else’s “legitimate interests”
When does this Legal Basis apply?
“Legitimate interests” is a legal phrase. It usually means a commercial or business interest that is important to us or another company, and which we’ve balanced against your right to privacy.
- Legal Basis: "Consent"
You have given us your consent
When does this Legal Basis apply?
Sometimes we will ask for your (or we might need to ask for your parent’s) consent to use your personal data. This consent will always be clear and separated out from other information.
You can always withdraw your consent via email (privacy@fatshark.se).
- Legal Basis: “Legal obligation”
We need to do something a legal obligation tells us to
When does this Legal Basis apply?
When it’s necessary to use your personal data so that we can perform our legal and regulatory obligations – so that we don’t break the law.
What personal data about you do we use, and why?
This list below lists the types of personal data we use about you, and our reason for this:
Information you provide to us (either directly or through a third party):
The types of your personal data we use
- Account setup information: Your Platform IDs(Steam, Xbox, Playstation), Fatshark User ID,alias, email, password, hardware ID, IP address
Why we use this personal data
We use this information to create your account in order to provide access to the service in accordance with your request.
Legal basis: Contract
- Account login information: Third party identifier(IDs for Steam, Xbox, Playstation).
Why we use this personal data
We use this information to allow you to login to the service from a third-party platform in accordance with your request.
Legal basis: Contract
- Matchmaking services: IP address, account ID, hashed credentials.
Why we use this personal data
We use this information to allow you to use the match-making services of the service and hosted gameplay.
Legal basis Contract
- Customer support: Any information voluntarily provided to customer support including email, login data, gameplay data and transaction data.
Why we use this personal data
We use this information to help provide support to you in relation to the issue you’ve contact us about.
Legal Basis: Legitimate interest - our interest in answering your questions about our service in order to improve your experience and improve our relationship with you
- Security: IP address, IP lookup information, account ID.
Why we use this personal data
We use this information to help provide security and network protection mechanisms.
Legal basis: Contract
- [In case of Opt-in only] marketing and surveys: email, account alias, platform, transaction data.
Why we use this personal data
We use this information when you voluntarily provide it for the purposes of providing you with update and promotional emails.
Legal basis: Consent or (if consent isn’t required) Legitimate interest – our interest (or our partners’ interests) in promoting our game and our other products
- Friends list (manually added by you): friend aliases.
Why we use this personal data
We use this information so that you can connect with your friends and share game activities with your friends.
Legal basis: Contract
- Data subject request information: alias, email address, transaction history, login history, proof of user's identity.
Why we use this personal data
If a data subject request is submitted, we use this information to confirm the requestor’s identity, your rights and to process the request.
Legal basis: Legal obligation - our obligations under data protection laws
- Sending legal reports/responding to court orders - Purchase and activity data, online identifiers, information requested by law enforcement
Why we use this personal data
We may be required by law to disclose this information to law enforcement bodies.
Legal basis: Legal obligation - our obligations under intelligence and security laws
Information collected automatically or generated as part of our service to you:
What we are doing and why
- Generated account ID
The types of your personal data we use
We generate this and use this to store your service gameplay data (including level and progress) with your profile, and it allows you to connect to the service server.
Legal Basis: Contract
- Gameplay Data: Various gameplay related data (i.e. account state, mission time, item acquisition rates, inventory amounts, ability usage, account ID of friends)
The types of your personal data we use
We use this information to improve the game and provide you with feedback and information about your gameplay and progress.
Legal Basis: Legitimate interest - our interest in improving your and others’ future experiences with the game
- IP address
The types of your personal data we use
We use this information to:
- Allow you to connect to the service server
- Optimize your matchmaking experience
- Determine your country of origin
- Security and anti-cheat functions
Legal basis: Contract + See legal bases for matchmaking + security / anti-cheat
- Anti-cheat and security related information: basic hardware information, windows account name, uniquely generated hardware ID, IP address, running process list (PC only), operating system information, user account information, processes, memory, and driver which is related to the game running, user behaviour and status that may be related to cheating software.
The types of your personal data we use
We use this information:
- for security and verification purposes, including to detect and observe cheating behaviours and consider restricting or banning access to the service
- identify and address bugs and assess game function for optimisation
- solve game crashes and optimise compatibility of hardware with the game
- to combat users registering for multiple accounts
If your account is determined to breach our Terms of service, we may consider restricting or banning your access to the service.
Legal basis: Legitimate interest - our interest in ensuring the security of our services, maintaining a fair gaming environment
- Advertising: Account information, user ID, purchase data.
The types of your personal data we use
We use this information to display advertising network purchases on an impression basis that optimizes based on return on spend or targets based on in-game data.
Legal basis - Consent or (only where consent isn’t relied on and obtained) Legitimate interest – our interest in improving your experience and promoting our game
- Data to provide you with chat access: audio and text communicated to other players in-game.
The types of your personal data we use
If you engage with chat services, then we will process such data in order to deliver your messages to other users.
Legal basis: Contract
- Chat monitoring: audio and text communicated to other players in-game including alias and account ID.
The types of your personal data we use
We monitor and take logs and chats to ensure they are in keeping with our community standards.
Legal basis: Legitimate interest our interest in providing you with customer support and security by ensuring the messages you leave don’t breach our community standards
Who do we share your personal data with?
Sometimes we share your personal data with other companies and organisations.
The types of companies and organisations we share your personal data with are as follows:
- Game “storefronts” and “distributors” – If we’re not already doing this ourselves, we might need help from other companies to get you to join the game and set up your account. We might share your personal data with those companies as part of that process.
- Companies in our “group” of companies – We have lots of different companies in our “group”, who are linked to us. Some of them provide us with services to help us to manage our games. We share your personal data with these other companies so they can provide us with these services, and to fulfil some of our legal obligations.
- Other companies who provide us with services – We need separate companies to provide us with services we use to support the game (for example, hosting providers, companies which process support ticket IDs, communication service providers, data analytics service provider, anti-cheat-tools and companies that help send or display marketing or advertisements if these are relevant). We share your personal data with those companies so they can provide us with those services.
- Regulators, official authorities, and other third parties in relation to legal compliance – For example, the police or the government might legally require use to give them personal data to help them with an investigation, or we might be required to give these companies personal data to enforce our terms, address security and fraud, and to protect you.
- A third party that acquires all or part of our business – we might disclose your personal data to another company which buys or undertakes another type of corporate transaction in respect of our shares or buys all or part of our assets.
Does your personal data ever go to other countries?
We will only store data within the EEA or UK. All your data on our servers are encrypted on disk and even during transmission.
However, in some instances your personal data may be transferred to other countries, e.g. as part of the provision of services by third parties. If you are in the UK, the EU, or Switzerland and your personal data goes outside of the UK, the EEA or Switzerland, the law requires us to take extra steps to make sure your personal data is protected in the place it is going to.
We do the following things to make sure we are not breaking these laws:
- Before you enter the game, we ask for your consent to transfer your data overseas (we might need to ask your parent to provide this consent for you).
- If we send your personal data to an overseas company (either in our “group” of companies or a separate company) so they can provide us with services, we will have a contract with that company called the “standard contractual clauses and the UK addendum” which requires that company to protect your personal data.
- Sometimes the companies who provide us with services have special documents in place called “binding corporate rules”. If a company has one of these documents in place, this will be enough to make sure the personal data is protected.
We take similar steps where you are in another country with similar legal requirements, as well.
If you want proof of or more information about any of these things, you can contact us here.
How long do we keep your personal data for?
We only keep your personal data for as long as necessary to fulfil the purpose for which it was collected. As soon as your data is no longer required for the aforementioned purposes it will be deleted.
This will generally only be for three months after completion of the latest session.
However, we may have to continue to retain your data until the expiry of the retention periods and dates specified by the legislator. These periods usually amount to six to ten years.
It we are keeping your personal data for longer in this way, we will make sure it is secure and you can still change what we do with it (see below).
What control do you have over your personal data, and how can you make us change what we do with it?
Because your personal data is about you, you should be able to control what happens to it.
We provide different ways you can do this. The easiest way is to write us an email (privacy@fatshark.se) requesting one or more of the following:
- “Stop using my data” – you can object to how we are using your personal data if we are using it based on legitimate interests (see above) in certain situations;’
- “Download my data” – you can request a downloadable copy of your personal data and for us to transfer it to another party. If you wish for us to transfer such personal information to a third party, please ensure you detail that party in your request. Note that we can only do so where it is technically feasible;
- “Access my data” – you can request to access to the personal data we use about you, and information about how we use it and who we share it with;
- “Delete my data” – you can request that your account or specific personal data we store about you is deleted from the game. Please be aware that once an account has been deleted there is no way to recover it;
- “Correct my data” – you can request that information about you that is wrong or outdated is corrected. You can update your account information at any time by logging on to your account profile;
- “Restrict the use of my data” - you can request to restrict the use your personal data, for example to storage purposes only;
- “I don’t consent any more” – you can withdraw your consent if our reason for using your personal data is consent (see above). We will then stop using your personal data in this way (though this doesn’t affect the lawfulness of the processing until you withdraw).
You can also submit requests to exercise these rights by contacting us here.
Unfortunately, we’re sometimes not able to do the things you tell us to, for example because of the particular legal basis we have been relying on to process your personal data, or because it would interfere with another person’s own privacy rights. If this happens, we’ll explain to you why we aren’t able to do what you tell us to with that piece of personal data.
We may also be required to keep certain personal data to satisfy legal requirements or for security purposes, or if there are valid grounds under data protection laws for us to do so (for example, for the defence of legal claims or freedom of expression) but we will let you know if that is the case.
You also have the right to make a complaint at any time to a data protection authority in the country where you live, work, or where you believe a breach has occurred. For information on supervisory authorities see the Annex below.
Updates to this policy
We may make updates to this policy from time to time (for example because our services have changed or because of changes in laws). We will appropriately notify you of this. The date this notice was last updated can be found at the top.
How can you ask questions or make a complaint about your privacy?
If you have any questions about what we have said in this notice or how your personal data is used, you can contact us about it.
Our contact details are:
E-Mail: privacy@fatshark.se
Address: Rosenlundsgatan 29D, 118 63 Stockholm, Sweden
You can also contact the official organisation which regulates personal data in your country (the “regulator”) to lodge a complaint, if you think we are not using your personal data correctly. Please see the Annex to this notice which lists the contact details of the different regulators.
Thank you!
We hope you have a great time playing Warhammer 40,000: Darktide!
If you live in California:
California Privacy Rights. This section contains disclosures required by the California
Consumer Privacy Act (“CCPA”) and applies only to “personal information” that is subject to
the CCPA.
Personal Information we Collect. In the preceding 12 months, we collected the
following categories of personal information about California consumers. We do not sell
personal information.
Categories of Personal Information:
- Personal and online identifiers (such as first and last name, email address, or unique online identifiers)
Disclosed for business purposes to the following categories of third parties: All categories listed below.
Sold to following categories of third parties: All categories listed below.
- Internet or other electronic network activity information (such as browsing history, search history, interactions with a website, email, application, or advertisement)
Disclosed for business purposes to the following categories of third parties: All categories listed below.
Sold to following categories of third parties: All categories listed below.
- Geolocation information
Disclosed for business purposes to the following categories of third parties: All categories listed below.
Sold to following categories of third parties: All categories listed below.
- Inferences drawn from the above information about your predicted characteristics and preferences
Disclosed for business purposes to the following categories of third parties: All categories listed below.
Sold to following categories of third parties: All categories listed below.
- Other information about you that is linked to the personal information above
Disclosed for business purposes to the following categories of third parties: All categories listed below.
Sold to following categories of third parties: All categories listed below.
Categories of Sources. We collect personal information from the following categories of
sources:
- Consumers;
- Internet service providers;
- Data analytics providers;
- Advertising providers;
- Social networks;
- Service providers; and
- Affiliates not under the Tencent brand.
Why We Collect, Use, and Share California Information. We use and disclose the
personal information we collect for our commercial and business purposes, as further
described in this Privacy Policy. These commercial and business purposes include, without
limitation:
- Our commercial purposes, including marketing, advertising, and enabling
- commercial transactions.
- Our business purposes as identified in the CCPA, which include:
- Auditing related to our interactions with you;
- Legal compliance;
- Detecting and protecting against security incidents, fraud, and illegal activity;
- Debugging;
- Performing services (for us or our service provider) such as account servicing,
- processing orders and payments, and analytics;
- Internal research for technological improvement;
- Internal operations;
- Activities to maintain and improve our services; and
- Other one-time uses.
Recipients of California Personal Information. We disclose the categories of personal
information designated above to the categories of third parties listed below for business
purposes:
- Service providers;
- Affiliates not under the Tencent brand; and
- Government entities.
Your Rights Regarding Personal Information. California residents have certain rights
with respect to the personal information collected by businesses. If you are a California
resident, you may exercise the following rights regarding your personal information, subject
to certain exceptions and limitations:
- The right to know the categories and specific pieces of personal information we collect, use, disclose, and sell about you; the categories of sources from which we collected personal information about you; our purposes for collecting or selling personal information about you; the categories of personal information about you that we have either sold or disclosed for a business purpose; and the categories of third parties with which we have shared personal information.
- The right to request that we delete the personal information we have collected from you.
- The right to opt out of our sale(s) of your personal information. Please note that if you opt out of certain types of sales, we will be unable to provide you with the services that rely on such sales.
- The right not to receive discriminatory treatment for the exercise of the privacy rights conferred by the CCPA.
To exercise any of the above rights, please contact us and submit the required verifying
information, by emailing us at privacy@fatshark.se
Verification Process and Required Information. Note that we may need to request
additional information from you to verify your identity or understand the scope of your
request, although you will not be required to create an account with us to submit a request or have it fulfilled. We will require you to provide, at a minimum name, email address, or platform account name.
Minors’ Right to Opt In. We do not have actual knowledge that we sell the personal
information of minors under 16 years of age.
Annex – list of regulators you can contact
You can contact the regulator on this list which is in the country you are located in:
- You can find a list of EU data protection regulators here.
- In the UK, the regulator is the Information Commissioner’s Office which you can contact here.
