Privacy Policy - 404 Not Found

XandorXerxes

Publishers,

The terms and conditions of the sweepstakes says that the information submitted in this sweepstakes is subject to your privacy policy. Following the link (d3go.com/legals/) I get to a section called "Privacy Policy" which redirects me to another link (d3p.us/privacy.html). However, that last link is returning a 404 for me - I cannot read your privacy policy.

I am assuming that D3 will use my information for it's own data-mining purposes and might even sell it to its partners. I would like to personally iterate that I feel this violates another part of the official rules - that there is no cost to enter or to win. Unless your privacy policy (that I do not have access to) explicitly states that you will not use my information for anything except contacting me for service for my account or in the event that I win, you are using my information for your monetary gain. The value of my data, ergo, is the price I would be forced to pay to enter. I understand that to some people, their personally identifiable information such as email and birth date is not worth much. It is, however, worth something - and to those who share my mentality, it's worth a lot.

I am not a lawyer, I merely wish to point out that the privacy policy is not accessible and that I continue to value my personal data and do not consider it worthless.

Thank you,

Me

David [Hi-Fi] Moore

Hi,

Thanks for the info. Looks like you are accessing an out of date link, but I'm not sure why you are seeing that.

If you go to https://d3go.com/legals/ the privacy policy is right there and available on drop-down tabs. You can select "ONLINE PRIVACY POLICY" and "MOBILE PRIVACY POLICY" to access the information you might need.

XandorXerxes

David,

Thank you for the response! I see the tabs you are talking about, I will review them there. As for the old link, if you scroll down on the page you linked me, you will see what I was looking at earlier:

INDEMNIFICATIONS

You agree to indemnify, defend and hold D3Publisher, its parent, subsidiaries, affiliates and their respective officers, directors, owners, employees, agents, information providers, licensors, and licensees (collectively, the “D3Publisher Parties”) harmless from and against any and all claims, liability, losses, costs and expenses (including reasonable attorneys’ fees) incurred by any D3Publisher Party in connection with any use or alleged use by you of the chat rooms, bulletin boards, or other user forums of this Site, or any unauthorized, illegal, or infringing use of this Site by you. D3Publisher reserves the right, at its own expense, to assume the exclusive defense and control of any matter otherwise subject to indemnification by you, and in such case, you agree to cooperate with D3Publisher’s defense of such claim.

PRIVACY POLICY

These Terms of Use are subject to D3Publisher’s Privacy Policy at www.d3p.us/privacy.html

GENERAL

You should be aware that when you are on the Site, you could be directed to other sites that are beyond its control. There may be links to other sites from D3Publisher that take you outside D3Publisher’s service. These links are for convenience only and you access them at your own risk. We take no responsibility and assume no liability for any content provided from such outside sources or for any mistakes, defamation, libel, slander, omissions, falsehoods, obscenity, pornography, or profanity contained therein. (etc.)

David [Hi-Fi] Moore

XandorXerxes wrote:

David, Thank you for the response! I see the tabs you are talking about, I will review them there. As for the old link, if you scroll down on the page you linked me, you will see what I was looking at earlier...

Ah, got it. Thanks for letting us know.

_RiO_

"David wrote:

Moore"]Hi,

Thanks for the info. Looks like you are accessing an out of date link, but I'm not sure why you are seeing that.

If you go to https://d3go.com/legals/ the privacy policy is right there and available on drop-down tabs. You can select "ONLINE PRIVACY POLICY" and "MOBILE PRIVACY POLICY" to access the information you might need.

I'm strangely missing a privacy policy aimed at non-mobile applications, i.e. , the Steam / Windows PC port of Marvel Puzzle Quest. Technically that means you're not asking for any kind of consent for data collection from those users, period, which atleast in the EU makes it highly illegal to do so.

For your EU customers, you should really update those documents to account for EU guidelines. It doesn't even take a competent lawyer to shoot potshots of a mile wide in those policies and regulations. Next to disregard for general EU regulations, I also fail to see any kind of mention of binding corporate rules (BCRs) to replace the now-defunct EU Safe Harbor regulations. Lack of suitable BCRs makes it illegal for your company to collect any data from EU customers no matter if they're using your website, mobile apps, or PC applications.

It's not the first time I'm mentioning that your policies have these issues either...

Mawtful

I'm pretty sure that their policy states that they are going to sell that information to anyone and everyone.

atomzed

Such privacy policy is not new.

All lucky draws, be it digital or traditional ones, come with a clause that states that they can use the information you filled up.

It has been around for the longest of time.

XandorXerxes

Edit: I state this later, but just to be upfront - I am not a lawyer, don't take this for legal advice, don't get blame me or get me fired if you do.

Mawtful wrote:

I'm pretty sure that their policy states that they are going to sell that information to anyone and everyone.

To give credit where it is due, their privacy policy is actually comparatively ok. That may say more about the comparisons than their privacy policy. Obviously I still post on the forums and play the game, so anything I say against it should be weighed with that in mind. They also do the obvious things like cookies and collecting IPs, so I won't bother quoting those.

Q1 – What information does this Privacy Statement cover?

A1 – This Privacy Policy applies only to personal information collected on the websites where this Privacy Policy is posted, and does not apply to any other information collected by D3Publisher through any other means.

I don't use the mobile application, and I'm guessing D3 doesn't collect information through it. This statement technically allows them to do whatever they want if they did, though. Demiurge, on the other hand...

For you social media-minded folks:

Social Media Sites and Social Media Plug-Ins

Some of our websites or product pages may use plug-ins, link to, or post information from social media services, like a Facebook page or Twitter account. These social media services may share information with us, such as personal information (i.e. your name, location, the ‘likes’ you make) or non-personal information (i.e. content viewed, or click-throughs).

This isn't really D3's fault, but I quoted it to let you know what they have access to. Facebook in particular is abusive in the information it collects, which by connecting with MPQ they can have access to anything Facebook will share with them. Again, I wouldn't hold this against D3 - they're not the ones actually collecting this data from you.

And the big one:

Q3 – How is your personally identifiable information used and shared?

A3 – We don’t share, sell, or rent your personal information to unrelated third parties. We don’t require personal information to access our website. However, if you prefer not to disclose personal information, you will not be able to enjoy certain features of our website.

Whatever the purpose may be, we will only collect information to the extent reasonably necessary to fulfill your requests and our legitimate business objectives.

This is the "semi-deceptive" one. It's mostly industry standard, but I have no idea who or what an "unrelated third party" could fully encompass. Obviously D3 won't give your information to anyone who asks for it, but if D3 is a part of a marketing group that shares marketing information as a business function, is that a related third party? I don't know, I'm not a lawyer.

Don't get me wrong - this usually is here to cover things like middle-men (you want D3 to share information with Steam/Google/Apple if you want your payment to be processed to your account, after all) for different services. I just don't know where that line is drawn.

And finally, if you're worried at all:

Q4 – What choices do you have about the collection, use, and sharing of your personally identifiable information?

A4 – As mentioned above, you have control over the personal information you submit to us. If at any time you decide to remove your personal information from our database, you may do so by emailing us at privacypolicy@d3p.us. Please note that any information, including personally identifiable information that you reveal in a bulletin board, message board, chat room or other public forum is publicly viewable on the Site.

This is actually really good (assuming that email address is still legit). It specifically lists removal from the database as opposed to deletion (not sure there's actually a difference from a responsibility perspective) but doesn't impose any limitations on the information you can remove. Props to D3 for that last part.

_RiO_

XandorXerxes wrote:

And the big one:

Q3 – How is your personally identifiable information used and shared?

A3 – We don’t share, sell, or rent your personal information to unrelated third parties. We don’t require personal information to access our website. However, if you prefer not to disclose personal information, you will not be able to enjoy certain features of our website.

Whatever the purpose may be, we will only collect information to the extent reasonably necessary to fulfill your requests and our legitimate business objectives.

This is the "semi-deceptive" one. It's mostly industry standard, but I have no idea who or what an "unrelated third party" could fully encompass.

And that's why this particular standard clause doesn't cut the mustard in the EU. You have no way of knowing what businesses are "unrelated third parties" and thus by extensions, which are "related third parties". And you have no way of knowing what the first party's "legitimate business objectives" are.

This is why EU legislation explicitly requires asking for consent to process personally identifiable information and requires that you list exactly: the collected datums (e.g. "name and billing address"); the business objective(s) involved (e.g. "payment processing") and the involved third parties (e.g. the chosen payment provider).

Nightglider1

_RiO_ wrote:

XandorXerxes wrote:

And the big one:

Q3 – How is your personally identifiable information used and shared?

A3 – We don’t share, sell, or rent your personal information to unrelated third parties. We don’t require personal information to access our website. However, if you prefer not to disclose personal information, you will not be able to enjoy certain features of our website.

Whatever the purpose may be, we will only collect information to the extent reasonably necessary to fulfill your requests and our legitimate business objectives.

This is the "semi-deceptive" one. It's mostly industry standard, but I have no idea who or what an "unrelated third party" could fully encompass.

And that's why this particular standard clause doesn't cut the mustard in the EU. You have no way of knowing what businesses are "unrelated third parties" and thus by extensions, which are "related third parties". And you have no way of knowing what the first party's "legitimate business objectives" are.

This is why EU legislation explicitly requires asking for consent to process personally identifiable information and requires that you list exactly: the collected datums (e.g. "name and billing address"); the business objective(s) involved (e.g. "payment processing") and the involved third parties (e.g. the chosen payment provider).

To address your specific example of payment processing, wouldn't that rest with Apple, Google, Steam, etc? After all, they're the ones with whom you conduct the sales transaction.

I am not a lawyer, either. A fair number of my friends are. Maybe I'll bounce it off them, but they hate to analyze this kind of thing unless they can bill for their time.

_RiO_

Nightglider1 wrote:

To address your specific example of payment processing, wouldn't that rest with Apple, Google, Steam, etc? After all, they're the ones with whom you conduct the sales transaction.

That was only a simple example to explain the concepts. It was not meant to be indicative of this exact case...