We’ve written this policy in plain English and have given examples of what each part means where an example might be helpful.
This policy sets out how we handle your personal information if you’re an Illyriad player or visitor to our Sites. It applies across both the Illyriad and Age of Ascent games, forums & general websites (the “Sites”).
- When we say ‘we’, ‘us’ or ‘Illyriad Games’ it’s because that is who we are, and we own and run the Sites.
- If we say ‘terms & conditions’, we’re talking about each Sites’ Terms & Conditions, linked from the bottom of each site (for Illyriad, click here; for Age of Ascent, click here).
- If we say ‘rules’ or ‘rules of the game’ we’re talking about each Sites’ Rules of The Game (for Illyriad, click here ; for Age of Ascent, these haven’t been written yet as the game is not yet live!) .
- Both ‘personal information’ and ‘personal data’ have the same meaning in the context of this policy.
The type of personal information we collectWe collect certain personal information about visitors and users of our Sites. The most common types of information we collect includes things like:
- user-/player- names (when you create an account),
- email addresses (if you provide us with one for the purposes of password recovery, and/or if you sign up to a newsletter or mailing-list),
- IP addresses (whenever you use the Sites),
- payment agent details (when you buy Prestige),
- transactional details (when you buy Prestige),
- tax information (when you buy Prestige),
- support queries (ingame Petitions, forum Technical Help posts),
- forum comments (when you post in the forums),
- chat and mail logs (when you communicate with others),
- content you direct us to make available on our Sites (eg. player or alliance profiles), and
- web analytics data (when you use the Sites).
How we collect personal information
We collect personal information directly (ie. we are a ‘data collector’) when you provide it to us:
- automatically as you navigate through the Sites, and
- when you provide it to us directly, such as when you complete registration, subscribe to a newsletter, submit feedback or send a communication.
- We process your personal information collected through other people (ie. we are a ‘data processor’) when you use third party services associated with the Sites (such as if you make a Prestige purchase through PayPal), and these third parties provide us with your information in order for us to process your transaction.
- We collect personal information directly (ie. we are a ‘data collector’) when you provide it to us:
Personal information we collect about you from othersAlthough we generally collect personal information directly from you, on occasion, we also collect certain categories of personal information about you from other sources. In particular:
- financial and/or transaction details from payment providers located in the US (Steam) and the European Economic Area (EEA) (such as PayPal & Fortumo Mobile payments) in order to process a transaction;
- third party service providers (like Facebook, Google & Steam) who are located in the US or EEA, who may provide information about you when you link, connect, or login to your account with the third party authentication provider and they send us information - such as your registration ID. The information varies and is controlled by that service provider or as authorized by you via your privacy settings at that service provider.
How we use personal information
We will use your personal information:
- To fulfil a contract, or
- To take steps linked to a contract: in particular, in facilitating and processing transactions that take place on the Sites, like where you purchase an item (such as Prestige) from our marketplace.
Where this is necessary for purposes which are in our, or third parties’,
legitimate interests. These interests include:
- operating the Sites;
- providing you with services described on the Sites;
- verifying your identity when you sign in to any of our Sites;
- responding to support tickets, and helping facilitate the resolution of any disputes;
- updating you with operational news and information about our Sites and services (eg to notify you about changes to our Sites, website disruptions or security updates);
- carrying out technical analysis to determine how to improve the Sites and services we provide;
- monitoring activity on the Sites, e.g. to identify potential fraudulent activity and to ensure compliance with the Terms & Conditions and Rules of The Game that apply to the Sites;
- managing our relationship with you, e.g. by responding to your comments or queries submitted to us on the Sites or asking for your feedback or whether you want to participate in a survey;
- managing our legal and operational affairs (including managing risks relating to content and fraud matters);
- training Illyriad staff about how to best serve our user community;
- improving our products and services;
- providing general administrative and performance functions and activities.
Where you give us explicit consent for:
- providing you with marketing information about products and services which we feel may interest you, by signing up to a mailing-list or newsletter; and
- For purposes which are required by law.
- For the purpose of responding to requests by government, a court of law, or law enforcement authorities conducting an investigation.
- We will use your personal information:
When we disclose your personal information
We will disclose personal information to the following recipients:
- companies that are in the Illyriad group of companies;
subcontractors and service providers who assist us in connection with the ways we use personal information (as set out above), in particular:
- website hosting providers and cloud services;;
- technical and customer support services;
- analytics services;
- security and fraud prevention services;
- payment processing services; and
- identification verification services.
Note that our subcontractors and services providers may also transfer and access such information from other countries in which they have operations.
- our professional advisers (lawyers, accountants, financial advisers etc);
- regulators and government authorities in connection with our compliance procedures and obligations;
- a purchaser or prospective purchaser of all or part of our assets or our business, and their professional advisers, in connection with the purchase;
- a third party to respond to court-authorised requests relating to a criminal investigation or alleged or suspected illegal activity;
- a third party, in order to enforce or defend our rights, or to address financial or reputational risks;
- a rights holder in relation to an allegation of intellectual property infringement or any other infringement; and
- other recipients where we are authorised or required by law to do so.
- We will disclose personal information to the following recipients:
Where we transfer and/or store your personal information
- We are based in the United Kingdom, but also host data and services in the US, and also in the Cloud - so your data will be processed in the UK, EEA and the US - and potentially elsewhere.
- In order to protect your information, we take care where possible to work with subcontractors and service providers who we believe maintain an acceptable standard of data security and privacy compliance.
How we keep your personal information secure
- We store personal information on secure servers that are managed by us and our service providers, and occasionally in hard copy files that are kept in a secure location in the UK and the US.
- Personal information that we store or transmit is protected by security and access controls, including username and password authentication, two-factor authentication, and data encryption where appropriate.
How you can access your personal information
- You can access, amend and remove most of the personal information that we collect about you by logging in to your account on the relevant Sites.
- You also have the right to make a request to access other personal information we hold about you and to request corrections of any errors in that data.
- You can also close the account you have with us for any of our Sites at any time.
- You can ask us to provide you with a copy of all the personal information we hold about you
- We may require proof of identity, and proof that (for example) the User/Player account(s) belong to you, before we will consider a data access request.
- We may refuse to provide your data if doing so requires infringing the privacy of other users of our Sites and we cannot obtain their consent to disclosure.
If we consider that a data request is manifestly unfounded or excessive we can:
- request a reasonable fee to deal with the request; or
- refuse to deal with the request.
- In any case of refusal or requested fee, we will provide you with this information in writing; fees to be payable before information is provided.
- To make an access or correction request, contact our Data Protection Officer using the contact details at the end of this policy.
Marketing choices regarding your personal information
- Where we have your opt-in consent to do so (e.g. if you have explicitly subscribed to one of our e-mail lists or have explicitly opted-in to receiving offers or information from us), we may send you marketing communications by email about products and services that we feel may be of interest to you.
- You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided in the communication itself.
- You also have choices about cookies, as described below. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject cookies some parts of our Sites may not work properly for you.
Cookies and web analytics
- A cookie consists of information sent by a web server to a web browser, and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
- We use both "session" cookies and "persistent" cookies on the Sites.
We use session cookies to:
- keep track of you whilst you navigate the website, and keep you logged-in (until you log out or are ‘timed out’); and
- ensure you are not in breach of any of the Terms & Conditions and Rules Of The Game.
We use persistent cookies to:
- enable our website to recognise you when you visit; and
- ensure you are not in breach of any of the Terms & Conditions and Rules Of The Game.
- Session cookies will be deleted from your computer when you close your browser.
- Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
- Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. Please seek information from your browser’s ‘Help’ page to find out how to block cookies, if you wish to do so. Blocking all cookies will, however, have a negative impact upon the usability of many websites, including this one.
When you visit our Sites, there’s certain information that’s recorded which is generally anonymous information and does not necessarily reveal your identity. If you’re logged into your account some of this information could be associated with your account.
We’re talking about the following kinds of details:
- your IP address or proxy server IP address;
- the domain name you requested;
- the name of your internet service provider is sometimes captured depending on the configuration of your ISP connection;
- the date and time of your visit to the website;
- the length of your session;
- the pages which you have accessed;
- the browser and version you used;
- the file URLs you look at and information relating to it;
- the website which referred you to our Sites; and
- the operating system which your computer uses.
Information about children
Our Sites are not suitable for children under the age of 16 years, so if you are under 16 we ask that you do not use our Sites or give us your personal information.
Information you make public or give to others
If you make your personal information available to other people, we can’t control or accept responsibility for the way they will use or manage that data.
There are lots of ways that you can find yourself providing information to other people, like when you post a public message on a forum thread, share information via social media, or make contact with another user whether via an in-game-mail or via a chat facility that we provide.
Think carefully before making your personal information publicly available or giving your information to anyone else.
How long we keep your personal information
- We retain your personal information for as long as is necessary to provide the services to you and others, and to comply with our legal obligations.
- If you no longer want us to use your personal information or to provide you with the game services, you can close your game account.
Please note that we will retain information from deleted accounts as necessary:
- for our legitimate business interests,
- to comply with the law,
- prevent fraud,
- collect fees,
- resolve disputes,
- troubleshoot problems,
- assist with investigations,
- enforce the terms of service and
- take other actions permitted by law.
When we need to update this policy
- We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices.
- When we do change the policy, we’ll make sure to notify you about such changes, where required.
- A copy of the latest version of this policy will always be available on this page.
How you can contact us
If you have any questions about our privacy practices or the way in which we have been managing your personal information, please contact our Data Protection Officer in writing to:
The Data Protection Officer,
Illyriad Games Ltd,
563 Chiswick High Road,
London W4 3AY,
If you have unresolved concerns you also have the right to complain to data protection authorities. The relevant data protection authority will be the data protection authority of the country:
- of your habitual residence; or
- in which you consider the alleged infringement has occurred.
Many, many thanks for reading all of this. You’re the best!