Menu

Privacy Policy

Last updated: 23 July 2024

INTRODUCTION

Your privacy and transparency about how we collect, use, and share information about you are important to us. This policy is intended to help you understand the following:

This Privacy Policy covers the information we collect about you when you use our products or services or otherwise interact with us (for example, by attending our events) unless a different policy is displayed.

We refer to our games together with our websites as “Services” in this policy.

OUR POLICY TOWARDS CHILDREN

We respect the privacy of children and encourage parents and guardians to take an active role in managing their children's online activities. If you are aged under 18, please make sure you have consent from your parent and/or guardian before using the Services. Some of our Services are not available for use by children, and we do not knowingly collect personal information from children in connection with those Services. Our Children’s Privacy Policy outline can be found here.

1. IMPORTANT INFORMATION AND WHO WE ARE

PURPOSE OF THIS PRIVACY POLICY

This Privacy Policy aims to give you information on how Frontier Developments plc collects and processes your personal data through your interactions with us, use of our games, through our websites, including any data you may provide when you sign up to play any of our games, subscribe to our newsletter, purchase a product or service, engage with our customer support team or take part in a competition or a survey.

You must read this Privacy Policy and any other policies we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. We keep this Privacy Policy under regular review and update it to ensure it accurately reflects our data processing practices. Please review this Privacy Policy regularly to ensure you are aware of any changes. This Privacy Policy supplements the other policies and is not intended to override them.

CONTROLLER

Frontier Developments plc acts as the data controller and is responsible for your personal data (collectively referred to as “we”, “us”, or “our” in this Privacy Policy).

We have appointed an external data protection officer (DPO) responsible for overseeing questions concerning this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact the external DPO using the details below.

CONTACT DETAILS

Our full details are:

Company: Frontier Developments plc
Registered Office Address: 26 Cambridge Science Park, Milton Road, Cambridge, England, CB4 0FP

Name of external Data Protection Officer: Robert Healey

United Kingdom:

Formiti Data International UK Ltd
Grosvenor House,
11 St Pauls Square,
Birmingham,
B3 1RB
Email: dataprotection@frontier.co.uk

European Union Representative:

Formiti Data International
6 Fern Road,
Dublin,
D18 FP98,
Ireland
Email: eurepservice@formiti.com

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number or using the details at https://ico.org.uk/make-a-complaint.

If you are a customer within the EU, you can file a complaint to your local member state data protection authority listed here.

Although you are not required to contact us first, we would appreciate the chance to deal with your concerns before you approach the ICO or national DPA, so please contact us in the first instance.

YOUR DUTY TO INFORM US OF CHANGES

It is essential that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us or if you are aware that any personal data we hold is inaccurate.

THIRD PARTY LINKS

Our Services may include links to third party websites, plug-ins, and applications. Clicking or enabling those links may allow third parties to collect or share your data. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

2. THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

  • Identity Data includes but is not limited to first name, last name, username or similar identifier, title, and date of birth.
  • Contact Data includes billing, residential, and email addresses and telephone numbers.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data (commonly known as online identifiers) includes internet protocol (IP) address, your login data, browser type and version, time zone setting and geolocation, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Services.
  • Profile Data includes your login details, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
  • Usage Data includes information about how you use our Services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties, news about our products and your communication preferences.

If you decide to make a payment for any of our products and services, your Financial Data, which includes your bank account and payment card details, will be collected and processed by Frontier Developments plc’s payment partners or that of your chosen third party storefront. We will not have access to, collect, use, store or transfer your Financial Data.

We also collect, use, and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this Privacy Policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We do not collect any information about criminal convictions and offences.

IF YOU FAIL TO PROVIDE PERSONAL DATA

Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with access to one of our games). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

3. HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you, including, but not limited to:

Direct interactions. You may give us your Identity Data, Contact Data, Profile Data and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you interact with us in ways such as:

  • purchase our products or services;
  • create an account on our websites or play our games;
  • subscribe to our services;
  • request marketing to be sent to you;
  • request support for our products;
  • enter a competition, promotion, or survey; or
  • give us some feedback.

Automated technologies or interactions. As you interact with our Services, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data using cookies, pixels, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our Cookie Policy link in the footer of each of our websites for further details.

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

Technical Data from the following parties:

  • analytics providers such as Google based inside AND outside the UK, EU and EAA;
  • advertising networks such as Facebook/Meta based inside AND outside the UK, EU and EAA;
  • search information providers such as Google based inside AND outside the UK, EU and EAA;
  • Contact and Transaction Data from technical, payment and delivery service providers based inside AND outside the UK, EU and EAA;
  • Identity and Contact Data from data brokers or aggregators based inside AND outside the UK, EU and EAA and/or;
  • Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK, EU and EAA.

4. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • For the performance of a contract, we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights, do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you. You have the right to withdraw consent to marketing at any time by contacting us. The withdrawal of consent will not affect the lawfulness of any processing that took place before the withdrawal.

WHY WE USE YOUR PERSONAL DATA

The table below sets out all the ways we may use your personal data and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data.

  • Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience.
    We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests.
    We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
    By contacting us, you can obtain further information about how we assess our legitimate interests against any potential impact on you regarding specific activities.
  • Performance of a Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
  • Complying with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
  • Explicit consent for external marketing means your personal data will not be disclosed to any third party unless you have given explicit consent.
Purpose/Activity Type Of Data Lawful Basis of Processing
To register you as a new customer or modify your account (a) Identity (b) Contact (c) Technical (d) Profile (e) Usage (a) Performance of a contract with you
To process and deliver your order, including:
(a) Manage payments, fees and charges (b) Obtain consent for marketing activities performed by third parties		 (a) Identity (b) Contact (c) Transaction (d) Marketing and Communications (a) Performance of a contract with you (b) Explicit consent
To manage our relationship with you, including:
(a) Notifying you about changes to our terms or Privacy Policy (b) Asking you to leave a review or take a survey		 (a) Identity (b) Contact (c) Profile (d) Marketing and Communications (a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to partake in a prize draw competition or complete a survey (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and provide our Services to you (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity (b) Contact (c) Technical (d) Transaction (e) Profile (f) Usage (a) Performance of a contract with you (b) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (c) Necessary to comply with a legal obligation (d) Necessary for our legitimate interests to detect or prevent unlawful acts
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (a) Identity (b) Contact (c) Technical (d) Profile (e) Usage (f) Marketing and Communications (a) Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our Services, products, marketing, customer relationships and experiences (a) Technical (b) Profile (c) Usage (d) Marketing and Communications (a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our Services updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity (b) Contact (c) Technical (d) Profile (e) Usage (a) Necessary for our legitimate interests (to develop our products/services and grow our business)
To ask you to take part in research to improve our game platform (a) Identity (b) Contact (c) Technical (d) Transaction (e) Profile (f) Usage (a) Necessary for our legitimate interests (to develop our products/services and grow our business)
To process your job application to work with us (see Applicant Privacy Policy) (a) Identity (b) Contact (a) Performance of a contract with you
To facilitate a duty of care to you (a) Identity (b) Contact (c) Transaction (d) Profile (e) Usage (a) Necessary for our legitimate interest (to help you manage aspects of your activities when interacting with our products/services)

MARKETING

We provide you with choices regarding our use of your personal data for marketing and advertising purposes. We have established the following personal data control mechanism:

You will receive marketing communications if you have subscribed for an account with us or purchased goods or services from us and have yet to opt out of receiving that marketing. Our marketing communications contain an unsubscribe option, and you can use this at any time. Please note that the opt-out will not affect the lawfulness of processing that has taken place before the opt-out. Our marketing data processors can be found below:

Marketing Data Processor Activity Purpose Categories Of Personal Data Privacy Policy
MIQ Programmatic Advertising Use of email data to target across websites
Use of email data to create lookalike audiences for targeted ads
Pixel tracking on Frontier websites to serve personalised advertising		 Anonymised advertising profiles created from website activity
Anonymised IDs created from email address		 Link
StackAdapt Programmatic Advertising Use of email data to target across websites
Use of email data to create lookalike audiences for targeted ads
Pixel tracking on Frontier websites to serve personalised advertising		 Anonymised advertising profiles created from website activity
Anonymised IDs created from email address		 Link
Google Ads Performance Advertising Use of email data to target across websites
Use of email data to create lookalike audiences for targeted ads
Pixel tracking on Frontier websites to serve personalised advertising		 Anonymised advertising profiles created from website activity
Anonymised IDs created from email address		 Link
Meta (Facebook & Instagram) Performance Advertising Use of email data to target across websites
Use of email data to create lookalike audiences for targeted ads
Pixel tracking on Frontier websites to serve personalised advertising		 Anonymised advertising profiles created from website activity
Anonymised IDs created from email address		 Link
Reddit Performance Advertising Use of email data to target across websites
Use of email data to create lookalike audiences for targeted ads
Pixel tracking on Frontier websites to serve personalised advertising		 Anonymised advertising profiles created from website activity
Anonymised IDs created from email address		 Link
TikTok Performance Advertising Use of email data to target across websites
Use of email data to create lookalike audiences for targeted ads
Pixel tracking on Frontier websites to serve personalised advertising		 Anonymised advertising profiles created from website activity
Anonymised IDs created from email address		 Link
X Performance Advertising Use of email data to target across websites
Use of email data to create lookalike audiences for targeted ads
Pixel tracking on Frontier websites to serve personalised advertising		 Anonymised advertising profiles created from website activity
Anonymised IDs created from email address		 Link
Gleam Competitions & Giveaways Enables Frontier to collect customer data for competitions and giveaways Name, Age, Country Of Residence, Postal Address, Email Address, Social Media, Username, Telephone Number Link
HubSpot CRM Email Marketing Enables Frontier to send marketing emails to opted in subscribers Name, Country Of Residence, Email Link

THIRD PARTY MARKETING

We will obtain your explicit opt-in consent before we share your personal data with any company outside Frontier Developments plc for marketing purposes.

COOKIES

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our websites may become inaccessible or malfunction. For more information about the cookies we use, please see the Cookie Policy at the bottom of each website page.

CHANGE OF PURPOSE

We will only use your personal data for the purposes we collected it unless we consider that we need to use it for another reason, and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and obtain your consent to do so.

Please note that we may process your personal data without your knowledge or consent in compliance with the above rules where this is required or permitted by law.

5. WHO WE SHARE YOUR PERSONAL DATA WITH

We may share your personal data with third parties set out below for the purposes in the table in section 4 above.

We may seek to acquire or merge with other businesses, or our business or part of our business may be sold. If a change happens to our business, then your personal data may be disclosed to our advisers, and those of any prospective purchaser or partner, and the new owners or partners may use your personal data in the same way as set out in this Privacy Policy.

Your data will only be disclosed for the purposes identified in this Privacy Policy (as may be updated from time to time) unless a law or regulation specifically allows or requires otherwise.

We require all third parties to respect the security of your personal data and treat it according to the law.

We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

All our third party processing partners are vetted under our third party due diligence process and have signed data processor contracts with us.

Sharing With Other Service Users

When you use the Services, we share certain information about you with other Service users.

Game interactions

We publish online games which require Service users to have a username. This username is shared with other players for purposes such as but not limited to:

  • Adding other players as friends
  • Allowing for in-game interaction via chat and text functionality
  • Rewarding for an in-game achievement

Certain features within our games make game data public on other Services. The information made public varies between games and features. Players may sometimes prevent this information from being made public by not using the specific feature. Otherwise, players will need to stop using the game in its entirety.

Community Forums

Our websites offer publicly accessible blogs, forums and issue trackers, e.g., Frontier Forums. You should be aware that any information you provide on these websites – including profile information associated with the account you use to post the information, may be read, collected, and used by any member of the public who accesses these websites.

Your posts and profile information may remain even after you terminate your account. We strongly recommend you consider the sensitivity of any information you input into these Services.

To request removal of your information from publicly accessible websites operated by us, please contact us as detailed below. In some cases we may not be able to remove your information but we will let you know why if this is the case if able to do so.

Sharing with Third Party Developers

We share information collected automatically through your use of a published Service with the Third Party Developer of that published Service. This is only for the Research and Development purposes outlined in this Privacy Policy.

Sharing with Licence Holders

We share information we collect from you on our Services and social media fan pages with the associated IP partner for the same usage purposes as outlined in this Privacy Policy.

Sharing With Affiliated Companies

We share the information we collect with affiliated companies. Affiliated companies are companies owned or operated by us. The protections of this Privacy Policy apply to the information we share in these circumstances.

6. INTERNATIONAL TRANSFERS

Some of our external third parties are based outside the UK and the European Economic Area (EEA), so their processing of your personal data will involve a transfer of data outside the UK and the EEA.

Whenever we transfer your personal data out of the UK and the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries deemed to provide adequate protection for personal data by the UK Secretary of State or the European Commission (as appropriate).
  • Appropriate safeguards are in place in accordance with data protection laws. These safeguards include using standard contractual clauses/data protection clauses approved by the UK Secretary of State or the European Commission (as appropriate) or binding corporate rules.
  • The transfer is otherwise allowed under data protection laws (including where we have your consent or the transfer is necessary for the performance of a contract with you).

Data Privacy Frameworks

Frontier Developments plc complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the U.K. Extension to the EU-U.S. DPF and the Swiss-U.S. Data Privacy Framework and (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

If there is any conflict between the terms in this Privacy Policy and the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles, the Principles shall prevail.

7. DATA SECURITY

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, disclosed or unavailable. In addition, we limit access to your personal data to those employees, agents, professional advisers, contractors and other third parties who have a business need to know on the principle of least privilege (PoLP).

They will only process your personal data on our instructions and are subject to a duty of confidentiality. We periodically review all privacy and security policies and update them, when necessary, in line with changes in data protection laws or when new technologies are introduced into our business.

Where the introduction of new technologies results in a high risk to your personal data, we will perform a data protection impact assessment and will only proceed if we are able to mitigate any identified high risks. Methods of collecting personal data are reviewed by management before they are implemented to confirm that personal data is obtained as follows:

  1. fairly, without intimidation or deception, and
  2. lawfully, adhering to all relevant rules of law, whether derived from statute or common law, relating to the collection of personal data.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. HOW LONG WILL YOU RETAIN MY PERSONAL DATA FOR?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six tax years plus the current tax year as part of our legal obligations to do so.

In some circumstances you can ask us to delete your data, see section 9 below for further information.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes. We may use this information indefinitely without further notice to you.

9. YOUR LEGAL RIGHTS

Under certain applicable laws (including UK and EU data protection laws) and under certain circumstances, you have rights in relation to your personal data. We set out below a brief description of such rights:

  1. To be informed: Individuals have the right to be informed about collecting and using their personal data. This is a key transparency requirement under UK and EU data protection laws. This Privacy Policy and our Cookie Policy meet this requirement.
  2. Request access to your personal data (commonly known as a “data subject access request”): This enables you to receive a copy of the personal data we hold about you subject to certain exemptions.
  3. Request rectification of your personal data: This enables you to correct any incomplete or inaccurate data we hold about you, though we may need to verify the accuracy of the new data you provide.
  4. Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we have a legal obligation to erase your personal data. Note, however, that the right to request erasure is not absolute, and there are circumstances where we do not need to comply with the request, which will be notified to you, if applicable, at the time of your request.
  5. Object to processing of your personal data: This enables you to object to processing where we rely on our legitimate interest (or those of a third party) to process your personal data or where we are processing your personal data for scientific or historical research or statistical purposes. We do not need to stop processing if we can give strong and legitimate reasons to continue processing your personal data. You also have the right to object where we are processing your personal data for direct marketing purposes. This is an absolute right but does not automatically mean that we need to erase all of your personal data, and in particular, we may put your details on a suppression list to ensure we do not send you direct marketing in the future.
  6. Request restriction of processing your personal data: This enables you to ask us to suspend the processing of your personal data in certain scenarios, including (a) if you want us to establish the data’s accuracy or (b) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  7. Request the transfer of your personal data to you or a third party: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to personal data you provided to us, which you initially provided consent for us to use or where we used the personal data to perform, or take steps before performing, a contract with you and where the processing is automated.
  8. Withdraw consent at any time: we rely on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not provide you with certain products or services. We will advise you if this is the case when you withdraw your consent.

We describe the tools and processes for making these requests below. You can exercise some of these rights by logging into the Services and using settings available within the Service or your account.

Your request and rights may be limited in certain cases. For example, if fulfilling your request would reveal information about another person, or if you ask to delete the information we are permitted to by law or have a compelling legitimate interest to keep.

If you have unresolved concerns, you have the right to complain to a supervisory authority in the country where you live, work, or feel your rights were infringed.

Please note that the above rights are not all absolute and may be subject to conditions and provisions set out in applicable data protection laws. For further information or if you wish to exercise any of the rights set out above, please contact us at dataprotection@frontier.co.uk.

When contacting us please:

  • provide enough information to identify yourself and any additional identity information we may reasonably request from you; and
  • let us know which right(s) you want to exercise and the information to which your request relates.

ACCESS AND UPDATE YOUR INFORMATION

Our Services give you the ability to access and update certain information about you from within the Account Dashboard of the Frontier Store.

NO FEE USUALLY REQUIRED

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

WHAT WE MAY NEED FROM YOU

We may request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to anyone with no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

TIME LIMIT TO RESPOND

We respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests, in which case we will inform you of an extension period of up to 2 months. In this case, we will keep you informed on the progress.

10. CALIFORNIA RESIDENTS ONLY: YOUR CALIFORNIA PRIVACY RIGHTS

Please note that the contents below in this section 10 are additional information that only applies to California residents.

The California Consumer Privacy Act (also called the "CCPA") is a privacy-centric bill protecting the privacy of California consumers that came into effect on 1 January 2020.

On 1 January 2023, the California Privacy Rights Act (“CPRA”) entered into law and amended the CCPA, including limitations and regulations originally enforced by the CCPA. In addition, it added specific types of new amendments to each category covered by the CCPA, enabling a more comprehensive overview of data privacy. The California Privacy Protection Agency will regulate the CPRA.

Under the CCPA, California residents may have certain data protection rights regarding their personal information (also referred to in this Privacy Policy as personal data).

These rights may be subject to certain limitations and/or restrictions.

Where there is a conflict between this section and any other section of this Privacy Policy, this section 10 shall prevail.

RIGHT TO KNOW

If you are a California resident, you may submit free of charge, but not more than twice in a 12-month period, a verifiable request for us to disclose certain information to you about our collection and use of your personal information in the preceding 12 months including:

  • The specific pieces of personal information we have about you.
  • The categories of personal information we have collected or disclosed for a business purpose about you within the last 12 months.
  • The categories of sources from which the personal information was collected.
  • The business and/or commercial purposes for collecting and selling the personal information.
  • The categories of third parties to whom the personal information was disclosed for a business purpose or otherwise shared.
  • If we sold your personal information, the categories of personal information that we sold and the categories of third parties to whom the personal information was sold.

In sections 2, 3, 4 and 5 of this Privacy Policy, we describe the personal information (personal data) we collect about you, how your personal information is collected, how we use your personal information and who we disclose or share your personal information with. We have also set out information regarding the sale of your personal information in the section below headed "Right to Opt-Out/Do Not Sell".

To submit a request, please see the "Exercising your rights" section below.

Within ten days of receipt of your request, we will confirm receipt of your request. We will verify your identity as a resident of the state of California and contact you to request that information. If we cannot verify your identity, we will deny your request. If we deny your request, even if only in part, we will explain the reason in our response.

Once we have verified your identity and determined that your request is a verifiable consumer request, we will provide a substantive response within 45 days of receipt unless we need more time, in which case we will notify you.

RIGHT TO DELETE

If you are a California resident, you may submit a verifiable request for us to delete any personal information we have collected about you.

Within ten days of receipt, we will confirm receipt of your request. We will verify your identity as a resident of the state of California and contact you to request that information. If we cannot verify your identity, we will deny your request.

There are also some exemptions to the right to request deletion of personal information. If we deny your request, even if only in part, we will explain the reason in our response.

Once we have verified your identity, we will provide a substantive response within 45 days of receipt of the request unless we need more time, in which case we will notify you.

RIGHT TO OPT-OUT / DO NOT SELL

California residents may opt out of the "sale" of their personal information, as defined by the CCPA. This does not include when:

  • You direct us to disclose your personal information or use us to interact with a third party, and the third party does not sell the personal information.
  • We use or share an identifier solely to alert a third party that you have opted out of the sale of your personal information.
  • Your personal information is transferred as an asset, as part of a transaction in which the third party assumes control of all or part of our business, in which case the third party will have to tell you in writing if it materially changes how the information is used or shared,
  • We use or share your personal information under a written contract with a service provider necessary for business purposes. Here, the service that the service provider performs is on our behalf, and our written contract prohibits it from keeping, using or disclosing your personal information for any purpose other than for the specific purpose identified in the contract.

Under the CCPA, the definition of “sale” is expansive. It includes transferring or sharing personal information with a third party for any value, even if the information is not sold for monetary value. Frontier Developments plc does not sell personal information for monetary value, but we sometimes share it with third parties as part of a mutually beneficial business relationship for marketing purposes. We refer to sharing personal information as following the meaning of sale for CCPA purposes.

You have the right to opt out of the sale or transfer of your personal information by submitting a request to us as explained in the section below "Exercising Your Rights".

Within 15 days of receipt of your request, we will act upon your request. We will verify your identity as a resident of the state of California and contact you to request that information. If we cannot verify your identity, we will deny your request. If we deny your request, even if only in part, we will explain the reason in our response.

Once we have verified your identity, we will notify all third parties to whom we have sold or transferred your personal information within 90 days of receipt of your request.

Please note that personal information may sometimes be collected through the use of cookies and other similar technologies and shared with third parties to deliver advertisements tailored to your interests based on your online activity.

For further information and details on how to opt out, please see section 4 above and our Cookie Policy or visit the Network Advertising Initiative.

RIGHT TO BE FREE FROM DISCRIMINATION

We may not discriminate against you because you have chosen to exercise your rights, including, for example, by denying you access to our online services or charging you different rates or prices for the same online services, unless that difference is reasonably related to the value provided by your data.

EXERCISING YOUR RIGHTS

To submit a verifiable request to exercise any of your rights (including your right to opt out of the sale of your personal information) or otherwise contact us for more information about how to exercise your rights, please email us at dataprotection@frontier.co.uk or use our online web form CCPA request.

In order to help us to deal with any email request promptly and efficiently, please include "Your California Privacy Rights" in the subject field and state your right to know, deletion or opt-out (as appropriate).

If you would like to designate an authorised agent to make a request on your behalf, please be sure the agent is able to:

  • demonstrate you have provided written permission for the agent to submit the request on your behalf; and
  • provide proof of his or her own identity.

We will deny the request if the agent does not satisfy these requirements. We have the right to verify with you that you want to take the action requested by the agent.

11. POLICY UPDATES

We may change this Privacy Policy from time to time. Policies and procedures are reviewed and compared to the requirements of applicable laws and regulations at least annually, and whenever changes to such laws and regulations are made, privacy policies and procedures are revised to conform with the requirements of applicable laws and regulations.