In a Nutshell
The Platform and Services form a customer loyalty program that helps our Partners improve their games and services while granting users access to personalized offers and advertising, community events, enhanced customer support, exclusive in-game rewards and other features for games that are connected to the PROS account ("Account"). By connecting a game to an Account, users share game-related information (such as feature usage, statistics and scores, user rankings and click paths) with us. The data is stored in usage profiles. We and our Partners process the data to provide the above services (including the display of personalized advertising) and additional features (if selected by the user). The registration for our Platform and the use of the Services is completely optional.
If you have further questions or comments regarding privacy or wish to assert your legal rights, please contact PROS at the above address or [email protected].
1. What types of data do we collect?
What data we collect and process depends on what Services you use. We may collect personal as well as non-personal user data.
A. Personal Data
"Personal Data" means any information relating to an identified or identifiable natural person. Personal Data is data that identifies you directly or indirectly (also in conjunction with other data) and that can be used to contact you online or offline.
Examples of personal data are: Name, address, phone number, email address, User ID, IP address, location, payment information (credit card number, bank details).
B. Non-personal Information
Non-personal data cannot be used to identify or contact you. We may collect and store information locally on your device, using mechanisms like cookies, browser web storage (including HTML 5) and application data caches when you use our website (see below for details).
In order to use certain Services, anonymous Telemetry data must be linked to Personal Data such as your user account. Such linking only takes place if and to the extent that you register for our Platform and link a certain game or software to it (see below for details).
2. Identifying the (joint) controller(s)
The controller of the data processing related to the provision of the Services, including the operation of the Platform, websites, and all other services, is Prism Ray Online Services GmbH, Gewerbegebiet 1, A-6604, Hoefen, Austria, [email protected].
The following data processing is subject to joint controllership:
- Analysis of game-related data in user profiles (see Section 5.C)
- Provision of the Cross-Saves feature (see Section 5.D)
Below you will find a list of our Partners and joint controllers:
- PLAION GmbH, Embracer Platz 1, 6604 Hoefen, Austria
- [email protected] or +43 5672 606 101
- Saber Interactive, Inc., 2200 N Ocean Blvd, #CU4, Fort Lauderdale, FL, 33305, USA
3. How do we collect Personal Data?
The Information that you provide directly to us will be apparent from the context in which you provide the data. In particular, we collect data as follows:
A. Creation of an Account
When you create or update an Account for our Platform (see Section 5.D for further details), we collect your full name, user tag, email address, password, age, and country. Your Account will also be assigned an identification number (a so-called "ID").
B. Contact and Newsletter
When you contact us or subscribe to our newsletter, we collect your e-mail address or other contact data you provide. We also collect the data resulting from your request (e.g., your customer support questions).
C. Information we collect automatically
Even if you do not provide information to us, we automatically collect technical data such as log file data and information about your use of and interaction with our Platform and/or Services as described in Section 5.A below. We use the technical data to troubleshoot problems, gather information for analysis of the Services and website usage, customize your experience when accessing our Platform and/or Services and for other business purposes.
D. Data from Games connected to your Account
When you connect a game to your Account, game-related data will be shared with us. This includes Telemetry data collected in the game or save game data (if this feature was enabled by you). This data is processed in order to perform our contract with you (see Section 5.C below). In addition, the data is processed to the extent that you have given us your explicit consent to use it (see Section 5.D and Section 5.E below).
E. Data from Third-Party Services
We may receive information about you from outside sources. When you connect a game to your PROS Account, we receive information about which platform you use (e.g., Steam, Epic Games Launcher, PlayStation Network, XBOX Live) as well as your user-ID and certain information related to your user account for the respective platform. Depending on the respective platform, the data we receive may involve the following:
- Xbox XSTS token (including device pairwise ID, Xbox User Partner ID, gamertag (nickname), age group, country, Xbox Partner XUID)
- PlayStation ID token (including age of the account, account ID, country/region code for the account, date of birth of the account, online ID of the account (nickname))
- Nintendo ID token (including Nintendo account identifier, user country of residence)
- Epic Access token (including Epic account ID, Epic user display name)
- Steam ID
- Stadia Auth token (stadia player ID)
- Oculus User ID
4. Lawful grounds for the processing of your data
Insofar as we obtain the consent for processing of Personal Data, Art. 6 para. 1 lit. a GDPR serves as lawful ground.
If the processing of Personal Data is necessary for the performance of a contract to which you are a party, Art. 6 para. 1 lit. b GDPR serves as lawful ground. This also applies to processing activities prior to entering into a contract.
Insofar as processing of Personal Data is required to fulfill a legal obligation we are subject to, Art. 6 para. 1 lit. c GDPR serves as lawful ground.
Insofar as processing of personal data is necessary for the performance of a task carried out in a vital interest of the data subject or another natural person, or in the public interest, Art. 6 para. 1 lit. d and lit. e GDPR serve as lawful ground for processing.
If processing is necessary to pursue our legitimate interests, and if your interests, fundamental rights and freedoms do not prevail over our interest, Art. 6 para. 1 lit. f GDPR serves as lawful ground for processing. Our legitimate interests include, inter alia, the assertion, exercise or defense of civil claims or the operation of our websites.
5. How do we use your data when you use specific Services?
How we use your Personal Data will depend on which Services you use, how you use the Platform and the choices you make in your settings.
A. Use of our websites
Log file data
When you visit our websites, access data is recorded in the log file on our servers. We record: Internet Protocol address (IP address), country and page from which the file was requested, date, time, browser type and operating system, page visited, data transfer, access status (file transfer, file not found, etc.).
We use the log files to ensure the functionality of the website (including language settings and age verifications), to monitor traffic on our websites, to resolve technical issues, and to generate statistics that help us tailor our services to your needs. This is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
We do not store this data together with other Personal Data. In the event of abuse of our websites, we can block IP addresses, if necessary. The data is stored only for a limited period of time and only for as long as necessary to ensure the safety and functionality of our websites.
- offer our Services;
- ensure that our websites function properly;
- further develop our Services and products;
- learn more about our users and their interests;
- make interesting offers and inform about our Services.
Cookies are small files that are used in your internet browser to track movements within web pages and to allow analysis of web page usage. We may connect Cookie information with Personal Data.
Technically necessary Cookies
The processing of Personal Data using Cookies and similar tracking technologies serves our legitimate interest and is based on Art. 6 para. 1 lit. f GDPR.
Analysis and tracking Cookies
PROS uses its own metrics analysis tools and other analytic technologies when you use our website and Services.
The use of the analysis cookies is for the purpose of improving the quality and content of our websites and services. Through analysis cookies we learn how the website and our Services are used and so we can constantly optimize our offer for you.
We set this type of cookies only with your prior consent. When you visit our website for the first time, you can give or refuse your consent, and you can freely revoke your consent at any time with effect for the future via a tool (consent tool). Here you will also find detailed information about the Cookies we use.
Most browsers are automatically set to accept Cookies. If you do not wish to have Cookies stored on your computer or to be informed about their storage, you can prevent the installation of Cookies by adapting your browser software accordingly. In your browser settings, activate the option "Do not accept cookies" or "Do Not Track" (different depending on your browser). The instructions of your browser manufacturer will give you more information on how this works. However, we would like to point out that by preventing Cookies you may not be able to use all the functions of the website to the fullest extent.
You can register for our Services by creating an Account on the website of our Platform. Registration requires the provision of your name, username, e-mail address, age, and a self-selected password. The provision of any other information is voluntary. For the registration we use the so-called double opt-in procedure, i.e. you will receive an e-mail in which you must confirm that you are the owner of the specified e-mail address and wish to create the account.
We only store the data for as long as we need them to provide the respective Services. In general, the data you provide, as well as the time of your registration for the Services and your IP address will be stored by us until you delete your account or until you make changes to your data (e.g., change your e-mail address). Your password will only be stored in hashed form (i.e., neither we nor our Partners can access the actual password).
We collect and use the data to the extent necessary to create the Account and to provide the Services. The registration requires you to accept our Terms of Service and Use (please use the link in the footer), which constitute a contract between you and us. Therefore, the data processing is based on Art. 6 para. 1 lit. b GDPR (performance of contract).
C. Analysis of game-related data in user profiles
When you register for our Services, a user profile is created in which game-related Telemetry data of the games you play and connect to your Account is aggregated, stored, and analysed.
Connecting games to your Account
You can connect our Partners’ games to the Platform. This requires a one-time scan of a QR code provided in the respective game, which will redirect you to the website of our Platform. By logging into your Account, the game will be linked to your Account. Please note that if you play a game on multiple platforms (e.g., on different consoles and/or on PC), each platform version of the game must be connected to the Account separately.
When you connect the game to your Account, the user-ID assigned to you by the platform you are playing on (e.g., the Xbox XSTS token, PlayStation ID token, Nintendo ID token, Epic Access token, Steam ID, Stadia Auth token, Oculus User ID) as well as the Telemetry data collected during your play sessions will be shared with us.
Analysis of the user profile data
Telemetry data include, as mentioned above, information about the feature usage, game play statistics and scores, user rankings and click paths during your game sessions. These data help us to gain insights into your play style, (potential) interests and preferences related to the games you play.
The information processed in your user profile is used to the necessary extent to improve our Partners’ games and services as well as to provide you with personalized offers and advertising (based on your interests) as well as in-game content and rewards for your connected games (based on your in-game progress). This may involve the following use cases:
- Development of updates and/or upgrades of our Partners’ games and services or development of new games by our Partners. Updates may, for example, improve the balancing in the game or fix bugs. Upgrades may bring new, particularly popular features, game modes, or content into the game.
- Granting of in-game content such as skins, currency, bonus items or objects as well as achievements based on a user’s progress. You may, for example, gain a bonus item for a new level you just reached or an achievement for a certain in-game interaction.
- Displaying personalized advertising and offers on our website. For example, you may receive advertising of games that are similar to a game you just finished.
The above processing is based on Art. 6 para. 1 lit. b GDPR (performance of contract). Please note that the profile data are also used for the provision of additional Services as set out below. For example, if you subscribe to our newsletter, your profile data is processed to personalize this newsletter to your preferences. However, such processing only takes place with your explicit consent (see below).
No automated decision-making
We do not intend to use your data for automated decision-making pursuant to Art. 22 GDPR.
D. Provision of the Cross-Saves feature
The Services offer the "Cross-Saves" feature for certain games. When Cross-Save is activated by the user, savegames of the respective titles are transmitted and stored on our cloud servers. The savegames can be accessed and used from other devices or even from other platform devices, provided that the game client is installed on the respective device and that both versions of the game are connected to the Account. For example, you may be able to play a PC savegame on consoles and vice versa.
Please note that there may be some restrictions to this feature. Savegames can generally only be accessed in countries where our Services are available. All platform versions of the game on which the feature is to be used must be connected to the Account. Furthermore, not all our Partners’ games may support the Cross-Save feature.
When you activate the Cross-Saves feature, your savegames will be uploaded to our cloud servers. Each time your device connects to our servers, your technical log file data (see Section 5.1 above) is transferred to our servers. We will process the savegame and log file data only to provide the Cross-Saves feature.
Please note that Personal Data on our servers, including your savegames, are deleted in accordance with the statutory provisions. You may not have access to your savegames anymore after disabling the Cross-Saves feature or deleting your Account. If you want to keep your savegames, please make sure to transfer your savegames to a local device before deactivating the feature or deleting your Account.
The above processing is based on Art. 6 para. 1 lit. a GDPR, since we only provide the Cross-Saves feature when you activate the feature and explicitly consent to the upload of your savegames to our servers. You can revoke your consent at any time in the settings of your PROS Account.
E. Advertising / Newsletter
With your consent, we will be happy to send you our newsletter. To do this, you must register for our newsletter. More details on the content of the newsletter in question are explained in the declaration of consent or on the registration page.
You can sign up for our free newsletter on our websites. For the registration to our newsletter we use a double opt-in procedure for GDPR compliance provided that GDPR applies to the country from which you are registering. After your registration, we will send you a message to the specified e-mail address with a link that you can click to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your details will not be used to send the newsletter and will be deleted after one week. In addition to your e-mail address, we collect and save the time of the submission of your consent. Only then can we document that you have voluntarily registered.
We want to keep the newsletter as relevant and interesting as possible for you. Therefore, the contents of the newsletter will be personalized based on your interests and preferences, which we have determined from the user profile (see Section 5.C above), provided that you have created an Account.
We also point out that we evaluate your user behavior when sending the newsletter, i.e., we can see if you open the newsletter or click on links contained in the newsletter. For this evaluation, our newsletter includes a so-called "web beacon". This is a pixel-sized file that we use to analyze the reach and success of our newsletter and tailor it to your needs. For the evaluations, we link the aforementioned data and the web beacons with your e-mail address and an individual ID. Links contained in the newsletter also contain this ID. The IDs are linked with further personal data from you including your name, Account and user profile, country, and technical data such as browser and operating system. By evaluating this data, we can assess the general use of the newsletter and gain insights into which content and parts should be further improved and developed according to user habits. This helps us to further personalize the newsletter to your interests and preferences.
Your data will only be used to send, evaluate, and personalize newsletters. We store your data only as long as the subscription to the newsletter is active.
If you're receiving our newsletter in the European Union, European Economic Area, Switzerland, or the UK, the legal basis for the related data processing is Art. 6 para. 1 lit. a GDPR or the corresponding provision in the Swiss and UK legislation, as the newsletter is only sent and evaluated with your consent. You can revoke your consent and cancel the subscription at any time with effect for the future. You will find an unsubscribe link in each newsletter.
F. E-mail Contact / Contact Form / Customer Service
You can contact us by e-mail or through our contact form at any time and contact our support team. In this case, the Personal Data transmitted by e-mail or with your inquiry will be stored. The data is used exclusively for communication.
The basis for the processing is our legitimate interest to respond to your request as requested and is based on Art. 6 para. 1 lit. f GDPR.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection.
You can object to the storage of your data at any time. However, a proper response to your inquiry can then no longer be guaranteed in individual cases.
6. How long will your data be stored?
We will process and store Personal Data no longer than necessary for the purposes for which they have been collected. Subsequently, the Personal Data will be deleted in accordance with the statutory provisions.
In general, your Personal Data will be stored during the term of our contractual relationships. However, in some cases, Personal Data may be stored for longer due to EU regulations, laws or other regulations to which we are subject or for as long as the retention of Personal Data is required due to other legal reasons (e.g. in accordance with Art. 17 para. 3 GDPR). This may include keeping your Personal Data after you have deactivated your account for the necessary period for us to pursue legitimate business interests, comply with (and demonstrate compliance with) legal obligations, resolve disputes or enforce our agreements. If there are legitimate reasons opposing a deletion, for instance statutory retention or storage periods, processing of these data will be limited. In such case the data will be erased as soon as the reason for further storage ceases to exist, for example if the statutory retention period expires.
If the right to process Personal Data is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, the data will be deleted as soon as the purpose of the storage no longer applies or if you revoke your consent. A revocation is possible at any time. The revocation of your consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
Please contact us at [email protected] for any inquiries. For more information please see Your Legal Rights.
7. How do we disclose Personal Data?
Transfer to our Partners
Transfer to our service providers
Transfer to affiliated companies and other third parties
Insofar as it is necessary for internal administrative purposes or our business operations or in case we have obtained your consent, we may share your Personal Data globally with companies of the PROS Group (to affiliates, subsidiaries and the parent company). When transferring and using the data, we always comply with data protection regulations and the scope of your consent. The affiliated companies may - insofar as they are entitled to do so or you have consented - also use the data for their own purposes, e.g. direct advertising for their own services.
Due to the corporate structure, PROS has a legitimate interest in the transfer of Personal Data within the group to the extent necessary for administrative or operational services pursuant to Art. 6 para. 1 lit. f GDPR.
Any other transfer to third parties will only take place if this is necessary for the fulfillment of the purpose of the contract, we can invoke our legitimate interest or you have given us your consent.
Transfer for legal or law enforcement reasons
PROS may also disclose Personal Data to law enforcement or the relevant civil authorities to enforce legal rights and to comply with the law, or to comply with a decision by a government or other competent authority, or if we have reason to believe that disclosure is required to respond to potential or actual violations or interference with our rights, property, reputation, business operations, users or others who may be harmed, or if we believe disclosures are required to protect our rights or us against fraud, or to comply with any PROS lawsuit, court order or legal process served.
In the context of corporate transactions (acquisition, sale, restructuring of companies or company shares), third parties may gain access to your Personal Data. Disclosure for this purpose serves our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.
8. Do we transfer Personal Data internationally?
We are a global business. Personal Data may be stored and processed in any country where we have operations or where we engage service providers. We may transfer Personal Data that we maintain about you to our Partners, service providers and other recipients in countries other than the country in which the Personal Data was originally collected, including the United States. Those countries may have data protection rules that are different from those of your country.
If you are located in the European Economic Area or Switzerland, we comply with applicable laws to provide an adequate level of data protection for the transfer of your Personal Data to the USA and to other countries outside of the European Economic Area (“Third Countries”). Please note that some Third Countries, including the USA, do not guarantee an adequate level of data protection. Transferring data to these Third Countries may therefore involve additional risks for your privacy rights. For example, the enforcement of your rights can be more difficult in these Third Countries.
However, we use our best efforts to ensure that an international data transfer to Third Countries is governed by an adequate data transfer mechanism based on a risk assessment regarding the transfer. We rely on one or more of the following mechanisms: EU Standard Contractual Clauses with a data recipient outside the European Economic Area, and/or verification that the European Commission has adopted an adequacy decision in accordance with Art. 45 GDPR for the respective Third Country.
For further information about the EU Standard Contractual Clauses, please contact us by email at [email protected].
Protecting the privacy of children is particularly important to us. PROS understands that parents, guardians or other adults often use our family services, including for use by minors. If a minor under the age of 16 (or below the minimum age in the Member State concerned, which can be lower) submits Personal Data to PROS and we learn that such Personal Data contains information of a child below 16 (or below the minimum age in the area, which could be lower) and there is no effective consent, we will delete the data as soon as possible. It is our policy to comply with any applicable law protecting minors.
The consent of children under the age of 16 is only lawful if the parents have given their consent. Each member state of the EU can reduce the age to a maximum of 13.
PROS, taking into account the available technology, makes efforts to make sure that parents have given their consent for their children. Nevertheless, we would like to make parents aware that age verifications can be technically bypassed. Please do not leave your children unattended on the Internet and explain to them the importance of the proper handling of their data.
10. Security of Data
We adhere to generally accepted industry standards to protect personal and non-personal data for both transmission and storage.
All PROS employees and all of our Partners’ employees are required to comply with data security and privacy policies and have appropriate instructions and are trained on a regular basis.
For payment transactions, your data is encrypted using the SSL process. Our employees and/or payment providers are not authorized to request further user data such as bank details or passwords.
Persons requiring access for technical, business, or editorial maintenance of the server and portal are legally bound by a confidentiality and non-disclosure agreement.
Please note, however, that no electronic communication or electronic storage method is completely secure. We remind you that despite our high standards, information that you voluntarily provide on the internet is never guaranteed to be 100% secure. There is always the danger that third parties will gain unauthorized access. While we strive to use all commercially reasonable means to protect your personal information, we cannot guarantee absolute security.
11. Non-liability for third parties
12. Your legal rights under GDPR
You can revoke a given consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
You can also request information from us at any time as to which Personal Data we process from you (Right of Access, Art. 15 GDPR). Insofar as the data concerning you is incorrect or incomplete, you have a Right of Rectification (Art. 16 GDPR). In certain cases, you have the right to request a restriction of processing (e.g. if you contest the accuracy of your Personal Data or if you oppose the erasure of your unlawfully held Personal Data). Details can be found in Art. 18 para. 1 GDPR.
You can demand that the Personal Data concerning you shall be deleted immediately (Right to Erasure, Art. 17 GDPR). In particular, we are required to immediately erase this information if the data is no longer necessary for the purposes for which it was collected or if you revoke your consent. Further deletion obligations can be found in Art. 17 para. 1 GDPR.
If you have the right to rectify, delete or restrict the processing by us, we are obliged to notify all recipients to whom your personal data have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort (Notification Obligation, Art. 19 GDPR).
You have the right to object to the processing of your Personal Data where the processing is necessary for the performance of a task carried out in the public interest or where the processing is necessary for our legitimate interests, according to Art. 21 para. 1 GDPR. You can object to the use of your Personal Data for marketing purposes at any time (Art. 21 para. 2 GDPR).
You also have the right to receive personally identifiable information you provide to us in a structured, common and machine-readable format. You also have the right to transfer this data to another person without hindrance (Right to Data Portability, Art. 20 GDPR).
Please note that we may reasonably ask you for additional information to verify that you are the owner of this data. This is for the security and integrity of your data.
Without prejudice to any other administrative or judicial remedy, you have the right to file a complaint with a supervisory authority, in particular in the Member State of residence, place of work or place of alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.
Please direct your data protection request to [email protected].
13. California Residents’ Rights / CCPA
We are regulated under the California Consumer Privacy Act (“CCPA”), which applies to California residents.
Under the CCPA, California residents have several important rights:
Right to Know: You can ask us what personal data we hold about you and request a copy. This includes:
- The type and specific pieces of personal data we have collected;
- The types of sources we collect the data from;
- The purpose for collecting your personal data;
- The third parties we share that data with.
Right to Delete: You can request that we erase your personal data. There are some exceptions to this right, if we:
- Need to complete the transaction for which the personal data was collected or if there is an ongoing business relationship or contract with you;
- Detect security incidents and protect against malicious, deceptive, fraudulent, or illegal activity;
- Need to identify and repair errors affecting Service functionality;
- Exercise free speech or ensure another consumer can exercise that right (or another lawful right);
- Need to comply with the California Electronic Communications Privacy Act;
- Engage in research in the public interest;
- Enable solely internal uses that are in line with your expectations for using your personal data;
- Need to comply with a legal obligation;
- Otherwise use your personal data internally, in a way that’s compatible with the reason we collected it in the first place.
Sale of your personal data: We don’t sell any of your personal data for any purposes.
Other Rights: California residents also have the right to request information about our disclosure of personal data to third parties for direct marketing purposes during the calendar year before your request. This request is free and may be made only once a year.
We won’t discriminate against you for exercising any of the rights listed above.
If you would like to exercise any of those rights, please email us at [email protected].
To ensure the security and integrity of your data, we may ask you for additional information in justified cases to verify that you are the owner of that data.
14. Brazilian Residents’ Rights / LGPD
We are regulated under the Lei Geral de Proteção de Dados (“LGPD”), which applies to Brazilian residents.
Under the LGPD, Brazilian residents have several important rights:
- Know when we use your personal data
- Access your personal data, correct any errors, or delete your personal data
- Anonymize, block, or delete data that we don’t need or are not processing in compliance with the LGPD
- Request we transfer your data to another provider
- Be informed about who we share your data with
- Be informed about your ability to deny consent and any consequences
- Revoke your consent
These rights apply to any personal data collected or processed in Brazil, as well as any personal data processed for the purpose of providing goods or services in Brazil.
If you would like to exercise any of those rights, please email us at [email protected]. To ensure the security and integrity of your data, we may ask you for additional information in justified cases to verify that you are the owner of that data.
16. Questions and Comments
If you have any questions, concerns or remarks about data privacy, please contact us at [email protected].