xterio
  • SIGN IN
Picture
privacy policy

Last Updated: 5 September 2024

This privacy policy (the “Privacy Policy“) explains the manner in which Xterio Labs Limited (“Xterio“, “we“, “us“, “our“) collects, uses, maintains, and shares information obtained through our Platform from Platform Game publishers and developers, Xterio Platform and Game users, visitors to our website, www.xter.io, and any other websites or pages that link to this Privacy Policy (collectively, the “Site“); and individuals who enquire about and/or use the various applications, networks, marketplaces, technologies, and other services we offer (the “Platform“, and together with “Site“, the “Services“).

Capitalized terms not defined herein shall have the same meanings ascribed to them as set out in our Terms of Service. The term “Game” as used in this Privacy Policy is defined as any game made available by us for use on the Platform from time to time (whether existing now or in the future) and all updates, upgrades, expansion packs, additional content, software, localised versions and related products, applications and services.

Xterio is a data controller when operating our Platform; and a data processor when providing our Site and/or Platform to third-party Game publishers, Game developers, service providers (including but not limited to our third party “know your customer“ (KYC) service provider) and their affiliates or their agents (each, a “Game Entity“ and collectively, “Game Entities“).

Please review this Privacy Policy carefully.

1.INFORMATION WE COLLECT

Depending on your relationship with us, we collect different types of information about you and your device as you interact with our Services.

Information You Provide to Us

The information you provide to us when you use our Services will depend on which of our Services you use:

  • You may contact us directly by submitting questions to our support team, or communicating with us for any other purpose. At times, the information we collect will include your name, email address, telephone number, and affiliation to Xterio.
  • You may use our Platform to build or develop Game features or technologies. As part of Platform use by Game developers, we require developers to sign our Game development license agreement and under this agreement Game developers will be required to provide certain personal information, including contact name(s), email addresses and wallet address or bank account details. From time to time, this information is collected either directly by us; directly by our KYC provider, if applicable, which in such case provides regulated money transmission related services for fiat, digital assets and virtual crypto currencies (including KYC and anti-money laundering checks); and/or by a third-party payment processor.
  • We may collect certain personal information as part of your interaction with and undertaking of transactions relating to any marketplace or storefront made available on or via the Platform, if any. At times, we may collect the following information - your username, password, Game profile (including your profile picture and any information needed for the Game to function such as an inventory of in-Game items, your Game user account profile ID, analytics ID, email address, and wallet address for any wallet you are using to make transactions, and the account unique identifier assigned to you by the Platform, and credit card or other payment method information necessary to engage in transactions on the Xterio Platform. We also collect and retain records of transactions that take place on the Xterio Platform.
  • Subject to this Service being made available on our Platform, where you create an account to use our mobile application version of the Platform (“App“), as part of your account creation, we may collect your name, email address, country of origin, crypto wallet address, avatar, and nickname. From our App we may also collect user behavior data for data analysis and product improvement.
  • Where you create an account to use certain features of the Services, including a Platform-created non-custodial digital asset wallet (the “Wallet“), as part of the registration process, we may collect your name, email address, or social media account information.
  • Your contact and profile information if you choose to use a social login service such as Facebook, Google, LinkedIn, Instagram or other similar services to create or access your account.

Information We Collect Through Our Services

We may receive and store information about you and your device(s) automatically when you navigate the Services, which may include:

  • Information related to the device and software you use to access the Services, such as your internet protocol (“IP“) address, mobile device identification, web browser type, operating system version, and other similar information; and
  • Information about your interactions with the Services, such as the specific pages you visit, content you view, date and time of your visits, and, as applicable, the website you visited before you came to the Service. Xterio may also conduct KYC and Anti-Money Laundering (“AML“) verification as required by applicable law, which may include collecting your name, address, phone number, email address and form(s) of identification (such as a driver’s license and your social security number).

Please note that for user transactions on the Xterio Platform, KYC and AML checks may be conducted by our KYC provider. You are strongly advised to review our KYC provider’s privacy terms (if any). Xterio and our KYC provider use a graduated system of KYC and AML which means that the larger the transaction the more documentary verification may be required and collected. Verification may be performed by Xterio or by our KYC provider.

Information We May Receive From Third-Party Sources

We also may receive information about you, your account with the Game developer or Game publisher, your Wallet, other service providers, and/or your device from third-party sources, including:

  • A third-party Game publisher or developer or storefront operator whose services are supported by our Platform. Information we collect from a third party whose Xterio-enabled service you use may include your crypto wallet’s public keys, coarse location, and other information required to facilitate the transfer of tokens, and/or digital currencies into or out of your Wallet.

  • Either directly or via a third party Game publisher or developer or third party provider, we may collect the following information about Game players:

    • your contact information such as name and (if you choose to provide them) phone number and email address;
    • your player username and password;
    • your Game profile, including your profile picture and any information needed for the Game to function, such as an inventory of in-Game items;
    • Other data you choose to give us such as data to identify a lost account;
    • Your Game user account profile ID – an Xterio specific ID generated by our Game server for you;
    • Analytics ID – a randomly generated anonymous identifier used to distinguish activity from one Game account versus another in our analytics data;
    • Usage data including information about how you use our website, products and Services and your game progress;
    • Your IP address and mobile device identifiers (such as your device ID, advertising ID, Media Access Control (MAC) address, International Mobile Equipment Identity (IMEI));
    • Data to fight fraud (such as refund abuse in games or click fraud in advertising);
    • Data about your device, such as device name and operating system, browser type and language; and
    • Marketing and communications data including your preferences in receiving marketing from us and our third parties and your communication preferences.
  • Providers of third party cryptocurrency wallets that are used to make transactions on the Platform, including your Wallet identification number.
  • Third party providers of KYC/AML services, payment processors and or money transmission licensees (some of which may have professional association with Xterio).
  • Public blockchain or data from public sources.
  • Analytics providers that track usage of our Site, Platform and Services.

We also may host, or engage third parties to host, information about you, or manage servers in which your information is stored, on behalf of select third-party partners and service providers in order to allow you to engage in our Services. Information we collect through our service providers and business partners may include your name, email address and wallet addresses.

Information From Cookies and Similar Technologies

We and our third-party partners may collect information about you and/or your device(s) using cookies, pixel tags, or similar technologies. Where we or our third-party partners do so, this will be in accordance with our cookies policy. Our third-party partners, such as analytics and advertising partners, may use these technologies to collect information about your online activities over time and across different Services. Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Site. Please review your web browser’s “Help“ file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Site, you may not be able to utilize the features of the Site to their fullest potential. There are also online tools available for clearing all cookies left behind by the websites you have visited, such as www.allaboutcookies.org ; and for users in the EEA & UK,https://www.youronlinechoices.eu/. Most advertising networks offer you a way to opt out of Interest Based Advertising. If you would like to find out more information, please visit http://www.aboutads.info/choices/ or http://www.youronlinechoices.com. The information we may collect via cookies may include:

  • Internet protocol (IP) address;
  • Unique mobile device identification numbers (such as your MAC address);
  • Identifier For Advertising (IDFA);
  • IMEI;
  • Type of device, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
  • Usage data including information about how you use our website, products and Services; and
  • Marketing and communications data including your preferences in receiving marketing from us and our third parties and your communication preferences.

2.HOW WE USE THE INFORMATION WE COLLECT

We may use the information we collect or receive about you in different ways including to:

  • Communicate with you (for example, but not limited to, newsletters), provide you with updates and other information about our products, Services, Platform, Games and provide information you request, respond to questions, and otherwise provide customer support;
  • Provide, maintain, improve, and develop our Services, Platform, Games and new products, services, features, and functionalities;
  • Facilitate the actions you initiate through our and third-party Games and other services made available by our Platform and to improve and optimise your gaming experience;
  • Carry out our obligations arising from any contracts entered into between you and us;
  • Engage in marketing and advertising (both on Platform and in-Game) which you have previously agreed to and would have the ability to opt out of at your discretion, such as developing and providing materials that may be relevant, valuable, or otherwise of interest to you;
  • Understand and analyze how you use the Services;
  • Manage competitions and/or promotions and your registration for the same;
  • Manage and secure our Site, Platform (including the Wallet and the Xterio non-fungible token (NFT) marketplace), network systems, APIs and other assets and account verification and clearance;
  • Administer surveys and opinion polls (these are, however, usually anonymous);
  • Find and prevent fraud, and respond to trust and safety issues that may arise;
  • Provide social features as part of our Services;
  • Analyse technical and usage information to help us develop Games, Services and other products that our users wish to access and play and to improve them;
  • Comply with our legal and regulatory obligations in all relevant jurisdictions, such as KYC and AML compliance or transaction reporting and the detection of Game cheating and activities that ruin the experience of players using the Games, security risks, fraud and other unlawful activity;
  • Send Game users information such as updates, security alerts and support messages;
  • Provide moderation services for players of the Games, including communications between players;
  • Satisfy or answer legal or regulatory requirements;
  • Verify and confirm payments;
  • Administer leader boards, nicknames and club name/club information; and
  • Manage our everyday business needs, including auditing, enforcing our Terms, if any, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency. We also may use your information for any other purpose(s) disclosed to you at the time we collect or receive the information.

3.HOW WE SHARE THE INFORMATION WE COLLECT

We may share the information we collect about you with the following categories of third parties:

  • Service providers. We may share any information we receive with vendors, payment processors and service providers we use to support our business or provide the Services, such as companies that provide operational and management services, development and maintenance services, digital currency services, web hosting, information technology, payment processing, customer service, financial and legal services, and other similar administration and support services. In such cases, Xterio remains responsible for these vendors and service providers and will enter into appropriate contracts which require them to implement appropriate technical and organizational measures.
  • Sub-processors who store or process information on our behalf, in particular data analytics providers and data storage providers. Information shared with such providers is supplied in an anonymised format such that that data cannot be linked to any particular individual and is therefore not considered to be personal data.
  • Our KYC provider. Our KYC provider performs all regulated KYC/AML services for Xterio that are required in connection with the Services on our Platform and in that role controls all relevant information to achieve that purpose. They will also perform any KYC and AML plus the data collection required by applicable law for transactions on the Xterio Platform. Data provided to our KYC provider is governed by our KYC provider’s privacy policy.
  • Xterio customers. We may share some information about you with the Game Entities whose Games and/or services we make available, support or who use the Platform to provide the ability to conduct transactions relating to their Games.
  • Analytics partners. We use analytics services such as Google Analytics to collect and process certain analytics data. These services also may collect information about your use of other websites, apps, and online resources. You can learn more about Google’s practices by visiting Google’s website. To help us understand how you use the Services and to help us improve them, we automatically receive information about your interactions with the Services, like the pages or content you view and the dates and times of your visits.
  • Our insurers, auditors, lawyers and other professional advisers;
  • Credit reference agencies;
  • As required by law and similar disclosures. We may access, preserve, and disclose your information if we believe doing so is required or appropriate to: (a) comply with law enforcement requests from any applicable jurisdiction and legal or regulatory process, such as a regulator request, court order, civil discovery request, warrants or subpoena; (b) respond to your requests; or (c) protect your, our, or others’ rights, property, or safety.
  • Sale or other asset transfers. We may transfer your information to service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a corporate transaction in which we sell, merge, acquire, liquidate, or transfer all or a portion of our assets, or if we undergo a re-organisation with that entity. The use of your information following any of these events will be governed by the provisions of this Privacy Policy and any applicable laws in effect at the time the applicable information was transferred.

4.LEGAL BASES FOR PROCESSING YOUR PERSONAL INFORMATION

There are a number of different legal grounds for processing personal information. To the extent required by applicable law and depending on how we are using your information, we may rely on the following legal bases for processing your personal information:

  • Consent. With your consent.
  • Contract. Our use of your personal information is necessary to perform the contracts with and provide the Services to you.
  • Legitimate interests. For the legitimate interests of Xterio, such as in connection with security or improvements.
  • To comply with relevant legal obligations, such as KYC and AML and other laws, rules or regulations.

What does each legal basis mean?

Consent: You have given clear consent to process your personal data for a specific purpose. You can choose to withdraw your consent using specific features provided to enable you to withdraw consent, like an email ’unsubscribe’ link or your account privacy preferences.

Contract: Processing your data is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.

Legitimate interests: Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests. These legitimate interests are:

  • gaining insights from your behavior on our Site or Platform
  • delivering, developing, and improving the Services
  • enabling us to enhance, customize or modify our Services and Platform
  • determining whether marketing campaigns are effective
  • enhancing data security

In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests In relation to any processing of ’special categories’ of personal data (including information regarding your health, religious or political beliefs, ethnic background, sexual life and sexual orientation) we will generally rely on obtaining specific consent from you at the time we collect the information unless there is a legal requirement or other justification for processing that information.

Our Platform and the Games are not intended for users under the age of 13 and we do not knowingly collect data relating to children under 13.

5.CHOICES REGARDING YOUR INFORMATION

You have certain choices with respect to the information we collect about you. You can turn off cookies in your browser by changing its settings: you can block cookies by activating a setting on your browser allowing you to refuse cookies, and you can also delete cookies through your browser settings. You can ask us not to use your data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for marketing and if third parties are involved. You can opt out from marketing communications and promotional email through the ’unsubscribe’ link provided in the email, or by emailing us at privacy@xter.io.

6.THIRD PARTY WEBSITES AND SERVICES

The Services may contain links to other websites, products, or services that we do not own or operate. These third-party services may include, but are not limited to, Games, storefronts, marketplaces, and digital currency services operated by developers and other third parties. We are not responsible for the privacy practices of these third parties who themselves would act as controllers for information that is provided in those contexts. For the avoidance of doubt, this includes any Game developer or publisher which Xterio works with. Any account you have directly with such developer or publisher is governed entirely by them, and Xterio has no control or input into it. Please be aware that this Privacy Policy does not apply to your activities on these third-party services or any information you disclose to these third parties. We encourage you to read their privacy policies before providing any information to them.

7.SECURITY & RETENTION

We make reasonable efforts to protect your information by implementing and maintaining appropriate technical and organizational measures to safeguard the information we maintain. We will retain your personal information until the sooner of (i) the information being no longer necessary to accomplish the purpose for which it was provided, (ii) there being no ongoing business reason to keep the information, or (iii) until you request that your account be deleted. We may retain your information for longer periods for specific purposes to the extent that we are obliged to do so in accordance with applicable laws and regulations and/or as necessary to protect our legal rights or for certain business requirements.

8.INTERNATIONAL VISITORS & DATA TRANSFERS

We may transfer your personal data to our service providers or third parties which may be located outside the European Economic Area (EEA) and the United Kingdom (UK), which countries may offer a lower level of data protection than in the EEA and UK. However, before we do so, we will take necessary steps to ensure that your personal data will be given adequate protection as required by relevant data privacy laws. Any personal data transfer from the EEA to third parties outside the EEA and the UK will be based on an adequacy decision or are governed by standard contractual clauses and will take place in accordance with appropriate international data transfer mechanisms and standards. Where we use providers based in the United States, we will check whether the suppliers can host the data within the European Union (EU) countries. If this is not possible, we ensure that the standard contractual clauses will be in place before transferring any personal data.

9.EEA AND UK DATA SUBJECT RIGHTS

You can exercise your rights by sending us an email at privacy@xter.io. You are not required to pay a fee for exercising your rights, and if you make a request, we have 30 calendar days to respond to you. Notwithstanding the foregoing, we may charge a ’reasonable fee’ for the administrative costs of complying with a request if it is manifestly unfounded or excessive, or if an individual requests further copies of their data. Also, the time period may be extended by an additional two months if the request is complex or if we receive a number of requests from the same individual. Please note that we may verify your identity before we are able to process any of the requests described in this Section, and in our discretion, deny your request if we are unable to verify your identity.

Under various data protection laws, your rights generally include the following:

  • The Right of Access
    • You have the right to ask us for copies of your personal information
  • The Right to Data Portability
    • You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.
  • The Right to Rectification/Correction
    • You have the right to ask us to correct information you think is inaccurate, and to ask us to complete information you think is incomplete.
  • The Right to Erasure/Deletion
    • You have the right to ask us to erase your personal information in certain circumstances.
  • The Right to Restrict Processing
    • You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • The Right to Object to Processing
    • You have the right to object to the processing of your personal data in certain circumstances.
  • The Right to Lodge a Complaint
    • You can file a complaint regarding our use of your data directly with Xterio by emailing us at privacy@xter.io or by contacting our UK and EU representatives.

We have appointed GRCI Law Limited to act as our UK representative (“UK Representative“). If you wish to exercise your rights under the UK General Data Protection Regulation (UK GDPR) or have any queries in relation to your rights or privacy matters generally, please email our UK Representative at ukrep@grcilaw.com. Please include the name of our company when contacting our UK Representative.

We also have appointed IT Governance Europe Limited to act as our EU representative (“EU Representative“). If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR), or have any queries in relation to your rights or general privacy matters, please email our EU Representative at eurep@itgovernance.eu. Please include our company name in any correspondence you send to our EU Representative.

If your request or concern is not satisfactorily resolved by us, you may approach your local EU data protection authority: https://edpb.europa.eu/about-edpb/about-edpb/members_en. If you are located in the UK, you can approach the ICO: Information Commissioner’s Office, https://www.ico.org.uk.

10.CALIFORNIA PRIVACY RIGHTS NOTICE

The California Privacy Rights Notice supplements this Policy and applies to California residents (“California Consumer“). This serves as notice under the California Consumer Privacy Act (“Act“ or “CCPA“) of the categories of personal information we have collected from California Consumers in the past 12 months.

Category Examples Collected

A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol (IP) address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.

C. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchase or consumption histories or tendencies.

D. Internet or other similar network activity. Browsing history, search history, information on an individual’s interaction with a website, application, or advertisement.

E. Geolocation data. Physical location or movements.

See Section 2 - HOW WE USE THE INFORMATION WE COLLECT for details on why we collect and process personal information.

We obtain the categories of personal information listed above from the following categories of sources:

  • From individuals, directly
  • From advertising networks, government entities, social networks, and data brokers
  • From Game Entities
  • From service providers including digital asset wallet providers, payment processors, internet service providers, and data analytics providers

We may disclose your personal information to a third party for a business purpose and when we do so, we enter into a contract describing the purpose for sharing the data. This contract also requires the recipient party to keep the personal information confidential and not use it for any other purpose except as described by the contract. We disclose your personal information for a business purpose to the following categories of third parties:

  • Service providers
  • Game Entities
  • Digital asset wallet providers
  • Payment processors
  • Data analytics providers

In the preceding twelve (12) months, we have not sold any personal information.

If you are a California Consumer, the CCPA provides specific rights regarding your personal information.

Right To Know & Data Portability

You may request that Xterio discloses to you what personal information we have collected, used, and shared, and why we collected, used, or shared that information. Specifically, you may request that we disclose:

  • The categories of personal information collected
  • Specific pieces of personal information collected
  • The categories of sources from which we collected personal information
  • The purposes for which we use the personal information
  • The categories of third parties with whom we share the personal information
  • The categories of information that we disclose to third parties

You may also request that we provide you a copy of your personal information in a readily portable format.

Right to Delete

You have the right to request we delete any of your personal information we collected from you and retained, subject to certain exceptions. Once we receive and confirm your request, we will delete, and direct our service providers to delete, your personal information from our/their records, unless an exception under the CCPA applies.

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights.

Methods For Submitting Request

You can only make two ’requests to know’ in a 12-month period, and the information provided need only cover the 12-month period prior to receipt of your request. You may submit ’requests to know’ and ’requests to delete’ by sending an email to privacy@xter.io (’requests to know’ and ’requests to delete’ collectively, “Requests“; and each, a “Request“).

Verification of Requests

We will need to verify your identity to respond to Requests. We cannot respond to your Request or provide you with personal information if we cannot verify your identity or your authority to make the Request and confirm the personal information relates to you. Making a verifiable Request does not require you to create an account with us. We will only use personal information provided in a Request to verify the requestor’s identity and/or authority to make the Request.

Time for Response

Please note that once you have submitted a ’request to know’ or ’request to delete’, we will send you a receipt, acknowledging your Request, within 10 business days. If, for some reason, you do not receive such a receipt within 10 business days of your submitted Request, please send us an email to privacy@xter.io as an error may have occurred. We make every effort to respond to ’requests to know’ and ’requests to delete’ within 45 calendar days after they are received, but if necessary, we may take up to an additional 45 calendar days to respond to your Request. If we require the extra time (up to 90 calendar days), we will inform you of the reason and extension period in writing.

No Sale of Personal Information - California and Nevada Law

We do not sell your personal information as defined under California and Nevada law and therefore are not required to provide an opt-out.

Authorized Agent

As a California resident, you have the right to designate an agent to exercise these rights on your behalf. We may require proof that you have designated the authorized agent to act on your behalf and to verify your identity directly with us. Please contact us at privacy@xter.io for more information if you wish to submit a request through an authorized agent.

11.CHILDREN’S PRIVACY

We do not knowingly collect, maintain, or use personal information from children under 13 years of age, and no part of our Services are directed to children. If you learn that a child has provided us with personal information in violation of this Privacy Policy, then you may alert us at privacy@xter.io. If we become aware that a person under the age of 13 has provided us with personal data without verification and parental consent, we will work to delete such personal data immediately.

12.CHANGES TO THIS PRIVACY POLICY

On occasion, we may update and change this Privacy Policy to reflect changes in law, our personal data collection and use practices, the features available through the Services or advances in technology. The changes will not be retroactive and the most current version of this Privacy Policy will be made available on our site at https://xter.io/privacy-policy. The revised Privacy Policy shall be effective immediately upon publication of the same on our site at https://xter.io/privacy-policy. It is your responsibility to check regularly for any updates or changes to this Privacy Policy.

13.CONTACT US

If you have questions, comments, or concerns about your personal data, or privacy, or this Privacy Policy, please contact us at privacy@xter.io.

FAQTERMS OF SERVICEPRIVACY POLICY
© Copyright 2024 Xterio Labs Limited. Xterio is the registered trademark of Xterio Foundation. All rights reserved.