Last Updated: June 30, 2018
If you are a parent or guardian of a child under 13, or a child located in Europe under 16, please review the section entitled Children’s Information below.
2. ESRB Privacy Certified
3. Information Collection
- Information You Provide
Wizards collects information you provide directly via the Service. The data we collect may include data that identifies you personally (whether alone or in combination). Some examples of data we collect include the following:
- Name and Contact Data. We collect your first and last name, email address, postal address, telephone number, and other similar contact data.
- Credentials. We collect passwords, password hints, and similar security information used for authentication and account access.
- Demographic Data. We collect demographic information such as about your age, birth date, gender, country, and household data.
- Payment data. We collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number), and the security code associated with your payment instrument.
- Profile Data. We collect your username, interests, favorites, gamer data, and other profile information.
- Contacts. We collect data about your contacts if you choose to match with your contacts on the Service or invite your contacts to join the Service.
- Content. We collect the content of messages you send to us, such as feedback and product reviews you write, or questions and information you provide for customer support. We also collect the content of your communications as necessary to provide you with the services you use. For example, if you chat with another user through the Service, we need to collect the content of that chat to display it to you and the other user as you direct.
Wizards collects data from you at various points on the Service, including as described below:
- Account Registration. To register an account with Wizards, you must, at a minimum, provide your date of birth, location, a user name and password. To participate in other Wizards offerings, such as organized play, you may be required to provide your first name and last name, city, country, postal code, gender, email address, password, user name and screen name.
If you register an account using your Facebook account (or other social media platform), the following information may be collected: (1) your first and last name and other information made publicly available by you, (2) your friends list, (3) the email address associated with your social media account.
- Profile. For certain parts of our Service, your personal profile (“Your Profile”) will be automatically populated with the screen name you provided at registration. Where applicable, the information in Your Profile, including any information or content you voluntarily add to Your Profile such as first and last name and images you upload, will be made public by default. To change Your Profile privacy settings for these parts of the Service, log in to accounts.wizards.com and go to Your My Account tab then click “Edit Public Profile & Settings.” In this section, you may also change Your Profile information, who can view your page and activity, and who can contact you on these parts of the Service, as well as control how we communicate with you. Your Profile for these parts of the Service will be searchable by screen name, and you can change the visibility of Your Profile by de-selecting the “Profile is visible to other users” and “Profile is searchable” boxes in Privacy Settings. Please note: The photo you selected (you are not required to upload a personal photo) as your avatar and your screen name for these parts of the Service will always display on your page, posts, and in search results. You are responsible for any information and content you choose to make public either through Your Profile, or by posting on the Service. Profile settings and data processing may differ based on the part of the Service you are using.
- Message Boards, Forums, Blogs, and Chats. Wizards provides message boards, blogs, chats, and other public forums on the Service for exchanging information and communicating with other users. Please note that any information, user content, or any other materials that you post on our Service, including any information from Your Profile, where applicable, that you choose to make public, may be available for any user of the Service to read, and are therefore no longer private and may be disclosed by third parties. If you post information, materials, or other content on the Service, you are providing information that can be collected and used by others that you do not know, for their own purposes, including the distribution of unsolicited communications.
- Online Stores. Visitors purchasing goods and services through our Service will need to provide valid payment data, in addition to name, mailing address, phone number and email address.
- Promotions. To participate in some of our sweepstakes, contests, surveys, or other promotions (“Promotions”), you may be asked to provide an email address or screen name, so that we can let you know if you won a prize. We may also request your name and home address in order to send you products or information by regular mail.
- Customer Service. When you contact customer service you may be asked to provide us with information such as your name, telephone number, address and email. We collect this information as part of our customer service efforts and it is used to confirm your identity, respond to your inquiry or comments, for training purposes, and to assist us in providing better products and services.
- Wizards Play Network. Participants, including store owners and event organizers, have the opportunity to sign up with the Wizards Play Network in order to run organized play events. You must provide certain information to be eligible to participate in organized play.
- Resumes. Our Service allows for the online submission of resumes. Information collected from resumes will be used solely for the purpose of accepting and evaluating candidate submissions for job postings.
- Online Surveys. In order to improve the user experience at our Service, we may employ online surveys for visitors to volunteer information about themselves and provide us feedback about why they visit our Service and what we can do to make them better.
Whatever the activity may be, we will only collect information to the extent it is reasonably necessary to fulfill your requests and our legitimate business objectives. If you do not want to submit certain information when requested, you may not be able to access certain areas on our Service or take advantage of certain features of our Service. You may choose to voluntarily submit other information to us through the Service that we do not request, and, in such instances, you are solely responsible for such information.
- Information Collected Automatically
We automatically collect information about your device and how your device interacts with our Service. For example, we collect:
- Service Use Data. We collect data about the features you use, the services you purchase, the time of day you browse, and the web pages you visit.
- Device, Connectivity, and Configuration Data. We collect data about the type of device or browser you use, your device’s operating software, your regional and language settings, and other similar information. This also includes IP address, MAC address, mobile Ad Ids (e.g., IDFA or AAID), and other device identifiers.
- Location Data. We collect data about your location, which can be precise or imprecise. Precise location data can be Global Navigation Satellite System (GNSS) data (e.g., GPS), as well as data identifying nearby cell towers and Wi-Fi hotspots. We collect precise location data when you enable location-based products or features. Imprecise location data includes, for example, a location derived from your IP address or data that indicates where you are located with less precision, such as at a city or postal code level.
We use various current – and later – developed technologies to collect this data (“Tracking Technologies”), including the following:
- Log Files. Some data collected by Wizards is in the form of log-files that record website activity and gather statistics about web users' browsing habits. These entries help Wizards determine (among other things) how many and how often users have visited our Service, which pages they've visited, and other similar data. We also use the log file entries for our internal marketing and demographic studies, so we can constantly improve the online services we provide you.
- Clear GIFs. Clear GIFs, sometimes called "web bugs," “pixel tags,” or “web beacons” are file objects, usually a graphic image such as a transparent one pixel-by-one-pixel GIF, that are placed on a web page, advertisement, or in an email message. The GIF may tell us the IP address of the device that fetched our page, the URL of the page the GIF is on, the time the page was viewed, the type of browser used, and it can also identify a previously set cookie value, and how and where a user accessed a website. We may use this information to count visitors across our Service and understand how they navigate and use our Service.
- Location-Identifying Technologies. GPS, WiFi, Bluetooth, and other location-aware technologies may be used to determine your device’s location, sometimes precisely. Location data may be used for purposes such as verifying your device’s location and delivering or restricting relevant content and advertising based on that location.
- Voice Processing Technologies. Voice processing technologies collect audio through the microphone on your device to effectuate an instruction or request by you. We only maintain the audio long enough to complete your instruction or request and then immediately delete it. We may use non-audio data associated with the collection for additional purposes such as data analytics.
- App-Specific Technologies. Our apps include app-specific technologies, such as SDKs and APIs provided by third parties. An SDK is code embedded in an app that sends information about your use to a server, and is in effect the app version of a GIF. The information collected through such technologies often includes your mobile Ad Id.
We use third party analytics providers, such as Google Analytics, to use Tracking Technologies on our Service to help us analyze your use of the Service, compile statistic reports on the Service’s activity, and provide other services relating to Service activity and internet usage. We also work with ad serving services, advertisers, and other third parties to serve advertisements on the Service and/or on Third Party Services (defined below). These third parties may use Tracking Technologies on our Service and Third Party Services to track your activities across time, websites, and services for purposes of associating the different devices you use, and delivering relevant ads and/or other content to you on the Service and Third Party Services or third party devices after you have left the Service (“Interest-based Advertising”).
For further information on Tracking Technologies and your rights and choices regarding them, please see the sections entitled Third Party Services, Features, and Devices and Your Rights and Choices below.
- Information from Other Sources
- Data brokers from which we purchase demographic data to supplement the data we collect.
- Social networks or third party gaming platforms (such as Steam or Twitch) when you grant permission to Wizards to access your data on one or more of these services.
- Partners with which we offer co-branded services, sell or distribute our products, or engage in joint marketing activities.
- Publicly-available sources such as open government databases or other data in the public domain.
For further information on Third Party Services, see the section entitled Third Party Services, Features, and Devices below.
4. Information Use
- To operate, manage, and provide you with our Service.
- To perform services requested by you, such as to respond to your comments, questions, and requests, and provide customer service.
- To send you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages.
- To prevent and address fraud, breach of policies or terms, and threats or harm;
- To monitor and analyze trends, usage, and activities.
- For our internal research and demographic studies, so we can constantly improve the Service or other Wizards websites, applications, marketing efforts, products and services.
- To send you direct marketing communications including information about new products, contests, features and enhancements, special offers and other events of interest.
We also use information about you, including personal data, with your consent, including:
- To provide you with advertisements on our Service and other Third Party Services tailored to your interests.
- Verify your eligibility and deliver prizes in connection with Promotions you have entered.
- To fulfill any other purpose disclosed to you and with your consent.
We may use information that does not identify you (including information that has been de-identified) without obligation to you except as prohibited by applicable law. For information on your rights and choices regarding how we use your information, please see the section entitled Your Rights and Choices below.
5. Sharing of Information
Wizards shares information about you as follows:
- Service Providers. Wizards may share your information, including personal data, with our agents, vendors, consultants, and other third party service providers (“Service Providers”) for purposes of processing your information in connection with their work on our behalf. Service Providers assist us with operating our Service and provide us with other services such as organized play, community operations, online product fulfillment, prize payments, email services, marketing and promotional services, and technical support. Also, if you make a purchase on Service, your credit card data may be processed by a payment processing Service Provider as necessary to complete your purchase (for example, to process your credit card). These Service Providers are contractually prohibited from using your information for any purpose other than to provide this assistance, and they agree to maintain the confidentiality, security and integrity of information they receive from us. We may, however, permit Service Providers to use aggregate information that does not identify you or de-identified information for other purposes.
- Affiliates. Wizards may share your information, including personal data, with its related entities including its parent and sister companies. For example, we may share your information with our affiliates for customer support, marketing, or technical operations.
- Partners. We may share your information, including personal data, with our partners in connection with offering you co-branded services, selling or distributing our products, or engaging in joint marketing activities. For example, we may share information about you with a retailer for purposes of providing you with product support.
- Third parties. We may share your information, including personal data, with third parties for purposes of providing you with advertisements, including those tailored to your interests. We may share your information with third parties to which you link your Wizards account, including third party gaming platforms (such as Steam or Twitch).
- Tournament and Organized Play.If you engage in organized play, your full name, DCI number, city, state, nationality and email will be accessible by authorized tournament organizers, retail locations that are part of the Wizards Play Network, members of the Wizards’ community that are adjudicating organized play events, and prize fulfillment service providers. These parties are independent of Wizards, but they are contractually prohibited from using your information for any other purpose than that for which it was provided to them, and they agree to maintain the confidentiality, security and integrity of information they receive from us. Your information may also be disclosed to members of the Wizards’ community who are engaged in investigating violations of tournament rules and the Code of Conduct. Additionally, your full name, city, and country may appear in online leaderboards and organized play event results.
- Promotions. Our Promotions may be jointly sponsored or offered by third parties. If you voluntarily choose to enter a Promotion, your information, including personal data, may be disclosed to third parties for administrative purposes and as required by law (e.g., on a winners list). By entering, you agree to the official rules that govern that Promotion, and may, except where prohibited by applicable law, allow the sponsor and/or other parties to use your name, voice and/or likeness in advertising or marketing materials.
- Merger or Acquisition. In the event of, or during negotiations of, an actual or proposed merger, acquisition, reorganization, bankruptcy, or other similar event, your information, including personal data, may be shared with Wizards' successors or assigns or other third parties involved in the event.
- Security and Compelled Disclosure. We may disclose your information, including personal data, to comply with law or other legal process, and where required, in response to requests by public authorities, including to meet national security or law enforcement requests. We may also share your information in connection with an investigation of fraud, harassment, intellectual property infringements, or other activity that is illegal, a violation of our policies, or may expose you or us to legal liability. We may also share your information to protect the rights, property, life, health, security and safety of us, the Service or any third party.
- Consent. We may share your information, including personal data, for any other purpose disclosed to you and with your consent.
Except as set forth herein, Wizards does not sell or rent information collected from and about its customers to third parties. Without limiting the foregoing, in our sole discretion, we may share aggregated information which does not identify you or de-identified information about you with third parties or affiliates for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we share your information, please see the section entitled below.
6. Children’s Information
- A Note to Parents
- Services Directed to Children
Wizards may also offer certain areas of the Service that are identified as for Children and on such special areas of our Service we will either provide direct notice to a parent of our collection and use of Children’s personal information as defined by COPPA and obtain prior verifiable parental consent or limit our data collection activities to comply with the obligations of COPPA for Child-directed services. For a list of services that Wizards treats as being directed to Children under COPPA, please contact us as set forth in the section below entitled Contact Us.
- Collection, Use, and Sharing of Children's Information
Wizards may collect, use, and share personal information from Children if it is submitted by a Child with prior verifiable parental consent or by the parent or guardian of the Child. To determine who is younger than 13 years old and whether prior verifiable parental consent is required, we ask all users who wish to register to submit their date of birth. Those users that indicate they are Children are either blocked from the activity or taken through a parental consent process. As part of the parental consent process, parents have the choice of consenting to our collection and internal use of their Child’s personal information, but prohibiting us from disclosing that information to third parties (except to the extent such disclosure is integral to our Service). If we learn or have reason to suspect that we have collected information from a Child in violation of COPPA, we will promptly delete it.
In limited circumstances, in accordance with COPPA, Wizards does not require verifiable parental consent prior to collection, use, or sharing of Children’s personal information. For example, Wizards may collect and store persistent identifiers (e.g., cookies, IP addresses, etc.) from Children without prior verifiable parental consent where we collect no other Children’s personal information and such persistent identifiers are collected solely for the purpose of providing support for the internal operations of the Service.
Please refer to the sections entitled Information Collection, Information Use, and Sharing of Information for further details on how we process information.
- Parental Access
A parent who has already given Wizards permission to collect, use, and share their Child's personal information can, at any time, do the following: (1) review, correct, or delete the Child's personal information; and/or (2) discontinue further collection, use, or sharing of the Child's personal information. To do so, please refer to the confirmation email provided to you when you gave consent or contact us as set forth in the section entitled Contact Us below. Please be sure to include your Child's name and email address, your name and email address, and the area of the Service on which your Child is registered.
- Children in Europe
7. Third Party Services, Features, and Devices
Our Service contains content from and hyperlinks to websites, locations, platforms, and services operated, owned, and maintained by third parties (“Third Party Services”). These Third Party Services may use Tracking Technologies to independently collect information about you and may solicit information from you.
We may allow you to access our Service through a Third Party Service or connect our Service to a Third Party Service (“Third Party Features”). If you use a Third Party Feature, both we and the applicable third party may have access to and use information associated with your use of the Third Party Feature. Examples of Third Party Features include the following:
In addition, we may serve ads on Third Party Services, such as Facebook and Google, that are targeted to reach people (or similar people) on those services that have visited our Service or that are also identified in one or more of our databases (“Matched Ads”). This is done by matching common factors between our data and the data of Third Party Services. If we use Facebook Custom Audiences to serve Matched Ads on Facebook services, you should be able to hover over the box in the right corner of such a Facebook ad and find out how to opt-out. We are not responsible for such Third Party Services’ failure to comply with your opt-out instructions.
The information collected and stored by third parties, whether through our Service, a Third Party Service, a Third Party Feature, or a third party device, remains subject to their own policies and practices, including what information they share with us, your choices on their services and devices, and whether they store information in the U.S. or elsewhere. We encourage our users to read third party privacy policies before submitting any information to such third parties.
For further information on Tracking Technologies and your rights and choices regarding them, please see the sections entitled Information Collected Automatically above and Your Rights and Choices below.
8. Your Rights and Choices
- Review and Updating Account Information
If you have registered an account, you may at any time review or update the contact information in your account through your account settings or by contacting us as set forth in the section entitled Contact Us below. Please be sure to include in your message the name of the feature for which you registered and the email address you used to register so that we can verify your request. We may require additional information from you to allow us to confirm your identity. Please note that we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. Data subjects in Europe have additional rights set forth in the section entitled Your European Privacy Rights below.
- Posted Content
If you wish to review, correct, or delete content or information you have publicly posted on our Service you may do so by visiting the individual post and selecting the “Edit” or “Delete” options. Alternatively, you may contact us as set forth in the section entitled Contact Us below with your request. Requests must state that the user personally posted such content or information and detail where the content or information is posted. Please note we will make reasonable good faith efforts to remove the post from prospective public view and that removal of this content or information from public view does not guarantee complete or comprehensive removal. After your removal request has been honored, we may retain copies of the content or information you have previously posted on our servers. Additionally, we are not required to remove your posted content or information if we are required by law to retain it.
- Tracking Technology Choices
- Cookies and GIFs. Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations.
- App-Specific Technologies. You can reset your mobile Ad ID at any time through your device settings, which will allow you to limit the use of information collected about you. For information on how to do this on Apple devices, visit Apple.com or https://support.apple.com/en-us/HT202074. For information on how to do this on Android devices, visit Google.com. You can stop all collection of information via an app by uninstalling the app.
- Location-Identifying Technologies. The location data collected through an app depends on your device settings and app permissions. You can exercise choice over the location data collected through our apps by (i) for GPS data, disabling location in your device settings or disabling location permissions to that app; (ii) for Bluetooth data, disabling Bluetooth and any Bluetooth scanning option in your device settings; or (iii) for WiFi data, disabling WiFi and any WiFi scanning option in your device settings. You can stop collection of all location data via an app by uninstalling the app.
- Do Not Track. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, we do not monitor or take action with respect to “Do Not Track” signals or other mechanisms. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.
Please be aware that if you disable or remove Tracking Technologies some parts of the Service may not function correctly.
- Analytics and Interest-Based Advertising
Some of the third parties that collect information from or about you on the Service in order to provide more relevant advertising to you participate in the Digital Advertising Alliance (“DAA”) Self-Regulatory Program for Online Behavioral Advertising. This program offers a centralized location where users can make choices about the use of their information for online behavioral advertising. To learn more about the DAA and your opt-out options for their members, please visit (i) for website opt-out, http://www.aboutads.info/choices; and (ii) for mobile app opt-out, http://www.aboutads.info/appchoices. In addition, some of these third parties may be members of the Network Advertising Initiative ("NAI"). To learn more about the NAI and your opt-out options for their members, please visit http://www.networkadvertising.org/choices/. Please note that if you opt-out of online behavioral advertising using any of these methods, the opt-out will only apply to the specific browser or device from which you opt out. Further, opting-out only means that the selected members should no longer deliver certain Interest-based Advertising to you, but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks). We are not responsible for effectiveness of, or compliance with, any third-parties’ opt-out options or programs or the accuracy of their statements regarding their programs.
You may also limit our use of information collected from or about your mobile device for purposes of serving online behavioral advertising to you by going to your device settings and selecting "Limit Ad Tracking" (for iOS devices) or "Opt out of Interest-Based Ads" (for Android devices).
- Unlinking Your Accounts
If you have linked your Wizards account with certain Third Party Services, such as Facebook or Steam, you may unlink your accounts at any time by visiting your Wizards account settings. Please note that unlinking your accounts will not affect any information previously shared through the linking. Wizards is not responsible for any third party data practices, and we recommend that you carefully review their online policies.
- Your California Privacy Rights
California Civil Code Section 1798.83 (“Shine the Light”) permits customers of Wizards who are California residents to request certain information regarding its disclosure of personal information as defined by Shine the Light to third parties and, in some cases, affiliates, for those third parties’ and affiliates’ own direct marketing purposes.
We share our customer’s personal information as defined by Shine the Light with third parties and/or affiliates for such third parties’ and affiliates’ own direct marketing purposes. If you are a California resident and wish to obtain information about our compliance with this law, please contact us as set forth in Contact Us below. Requests must be in writing, include “California Privacy Rights Request” in the first line of the description, and include your name, street address, city, state, and ZIP code. Please note that Wizards is not required to respond to requests made by means other than through the provided email address or mail address.
- Your European Privacy Rights
If you are a data subject in Europe, you have the right to access, rectify, or erase any personal data we have collected about you through the Service. You also have the right to data portability, right to be forgotten, and the right to restrict or object to our processing of personal data we have collected about you through the Service. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.
To exercise any of these rights, contact us as set forth in the section entitled Contact Us below and specify which right you intend to exercise. We will respond to your request within 30 days. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfil the purposes for which it was collected, and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.
If you have any issues with our compliance, you have the right to lodge a complaint with a European supervisory authority.
9. Data Security
Wizards takes reasonable steps to help protect the security and integrity of any information you provide to us by implementing and maintaining administrative, physical, and technical safeguards. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of your information collected through our Service.
10. International Transfer of Information
12. Contact Us
Wizards of the Coast
ATTN: Customer Support
P.O. Box 707
Renton, WA 98057-0707
Submit a help request at https://support.wizards.com (requires creating an account or signing in to your account).
For complaints, you can also contact ESRB Privacy at ESRB Attn: Privacy Certified Program, 420 Lexington Avenue, Suite 2240 New York, New York 10170, by email at email@example.com, or directly through their consumer hotline.
For Europe specific requests, you can reach our DPO at: firstname.lastname@example.org