Effective Date: July 24th, 2023
- What does this Policy cover?
This Policy sets forth how we collect, use, protect, store, disclose, and otherwise process your Personal Data (defined below). This Policy does NOT apply to information you provide to any third party or is collected by any third party (except as otherwise provided below).
By using the Services, you are confirming that you understand English well enough to understand this Policy. Should you have questions about this Policy, please contact us by emailing us at [email protected] or mailing your questions to 701 N. 36th St., Suite 200, Seattle, WA 98103, so we can clarify and address your questions.
- How do we process Children’s Personal Data?
A “Child” is a person under the age needed to consent to the processing of Personal Data in their country of residence (for example, 13 years old in the United States and between 13 and 16 years old in the European Union).
We do not knowingly collect Personal Data from a Child. If you are a Child, do not submit any Personal Data to us. If you become aware that a Child has provided us with Personal Data, please contact us at [email protected] or 701 N. 36th St., Suite 200, Seattle, WA 98103, so we may delete that Personal Data.
- What categories of Personal Data do we collect?
We may collect different types of information from you depending on how you use the Services, including Personal Data. “Personal Data” means information that relates to an identified or identifiable natural person. The categories of Personal Data we may collect are listed below. Certain types of Personal Data may fall under more than one category.
We do not knowingly or intentionally process any sensitive Personal Data.
We may also collect information that does not generally identify you but may become associated with your profile. We may use information that does not identify you for any permissible business or operational purpose under applicable law.
When you play the Game, we may process your:
- Identifiers: Steam ID for Valve players (but we do not store it);
- Internet or other similar network activity: gameplay information for Microsoft players; and
- Other: phone model for Microsoft players.
If you browse the Shop or purchase our products on the Shop, we may process your:
- Identifiers: first and last name, billing address, shipping address, Internet Protocol address, and email address;
- Commercial information: payment information and purchase history, including value and details of purchase;
- Internet or other similar network activity: interactions with the Shop, including the number of page visits, duration, and type of browser; and
- Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): first and last name, billing address, shipping address, telephone number, and payment information.
If you use the Forum, we may process your:
- Identifiers: first and last name, username, email address, and Internet Protocol address (your Internet Protocol address is never publicly visible);
- Internet or other similar network activity: interactions with the Forum, including the number of page visits, duration, and type of browser;
- Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): first and last name; and
- Other: Personal Data from the content that you post to the Forum, including your profile information.
If you use the Wiki, we may process your:
- Identifiers: first and last name, username, email address, and Internet Protocol address;
- Internet or other similar network activity: interactions with the Wiki, including the number of page visits, duration, and type of browser;
- Personal Information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)): first and last name; and
- Other: Personal Data from the content that you post to the Wiki.
If you posted to the Stardew Valley wiki page owned by Chucklefish Limited, we collected your username from its history pages for the sole purpose of providing you with the appropriate credit for your contributions to the Wiki.
If you browse the Websites, we may process your:
- Identifiers: Internet Protocol address; and
- Internet or other similar network activity: interactions with the Websites, including the number of page visits, duration, and type of browser.
If you contact us, we may process your:
- Identifiers: email address; and
- Other: any Personal Data you may provide to us when you contact us such as your first and last name.
- From what sources do we collect Personal Data?
Directly From You
We may collect your Personal Data when you provide it to us directly, including the examples below.
- When you purchase our products on the Shop, we may collect your first and last name, email address, telephone number, billing address, shipping address, and payment information.
- When you use the Forum or Wiki, we may collect anything you choose to share on the Forum or Wiki.
- When you contact us, we may collect your email address and records and copies of your correspondence.
Automatically From You
We may collect your Personal Data automatically through “cookies” and “web beacons” as you use the Services. Cookies are small files placed on the hard drive of your computer through your web browser that enable us to recognize your browser and capture and remember certain information. Web beacons (also referred to as “clear gifs”, “pixel tags”, and “single-pixel gifs”) are small electronic files that enable us, for example, to count users who have visited our pages and for other related website statistics.
From Third Parties
We may receive your Personal Information from or through third parties that help us provide or facilitate your access to the Services, including those listed below.
- Digital content stores and game platforms such as those operated by Valve Corp. and Microsoft Corp. Examples below.
- If you play the Game using Steam, we may receive your Steam ID (but we do not store it).
- If you play the Game using a mobile application, we may receive your phone model and certain gameplay information from Microsoft.
We abide by this Policy when we use Personal Data provided to us by third parties. However, we may not control the Personal Data that third parties collect or how they use that Personal Data. You should review the third parties’ privacy policies for more information about how they collect, use, and share the Personal Data they obtain and use—for example:
- For what purposes do we collect your Personal Data?
We may collect your Personal Data for the below purposes.
- To provide or improve the Services: We may use your Personal Data to process your requests to access the Services and certain of their features and to generally present and improve the Services. For example, when you create a profile on the Forum, we may use your Personal Data to present the Forum to you and to notify you about activity on the Forum. By way of another example, when you purchase a product from the Shop, we may use your Personal Data to charge and ship the product to you.
- To administer the Services: We may use your Personal Data for any lawful business or operational purpose in connection with administering the Services. For example, if you reach out to us, we may use your Personal Data to respond to you or to troubleshoot a problem you reported having with the Services.
- To market the Services: We may use your Personal Data to market the Services to you. For example, with your prior consent, we may send you news and updates about our products and the Services via email.
- In connection with a sale or other transfer of our business: In the event all or some of our assets are sold, assigned, or transferred to or acquired by another company due to a sale, merger, divestiture, restructuring, reorganization, dissolution, financing, bankruptcy, or otherwise, your Personal Data may be among the transferred assets.
- As we may describe to you when collecting your Personal Data: There may be other situations when we collect your Personal Data and simultaneously describe the purpose for that collection.
We only collect, use, or store your Personal Data for a lawful basis such as:
- you voluntarily provide it to us with your specific, informed, and unambiguous consent (for example, when you sign up for our newsletter);
- it is necessary to provide you with a Service that you have requested (for example, providing you access to the Forum or shipping a purchased product from the Shop to you);
- we have a legitimate business interest that is not outweighed by your privacy rights (for example, to respond to your inquiries); or
- it is necessary to protect your vital interests or the vital interests of others (for example, where necessary to protect the safety of one of our users or someone else).
- In what situations do we disclose your Personal Data?
We may disclose your Personal Data to a third party, such as a service provider or contractor for a business or operational purpose, or with your consent. When we disclose Personal Data for a business or operational purpose, we enter into a contract with the service provider or contractor that describes the purpose and requires the service provider or contractor to both keep that Personal Data confidential and not use it for any purpose except performing the contract. These service providers and contractors include our:
- e-commerce service providers;
- moderation service providers; and
- data analytic service providers.
We may also disclose your Personal Data:
- to our subsidiaries and affiliates;
- to our lawyers, consultants, accountants, business advisors, and similar third parties who owe us duties of confidentiality;
- to a buyer or other successor in the event of a sale, merger, divestiture, restructuring, reorganization, dissolution, or other transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data retained by us pertaining to the users of the Services is among the assets transferred;
- to comply with any court order, law, or legal process, such as responding to a government or regulatory request;
- to enforce any contract we may have in effect with you;
- if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of us, our users, or others; and
- if you have consented to such a disclosure.
We do not sell, rent, or share your Personal Data for cross contextual behavioral or targeted advertising, automated decision-making, or profiling purposes.
- How is my Personal Data protected?
Our Retention, Purpose Limitation, and Security Policies
We protect your Personal Data through a combination of collection, security, and retention policies.
- Purpose limitation: We will use your Personal Data only for the Services you choose to access and for the purposes notified to you, unless we otherwise obtain your consent. We limit the collection of Personal Data to what is adequate, relevant, and reasonably necessary for those purposes.
- Security measures: We use reasonable security measures to ensure a level of security appropriate to the volume and nature of Personal Data processed and risk involved, considering the size, scope, and type of our business, and have implemented contractual, technical, administrative, and physical security measures designed to protect your Personal Data from unauthorized access, disclosure, use, and modification. For example, we use a secure server. All supplied sensitive information is transmitted via Secure Socket Layer (SSL) technology and then encrypted. Such information is only accessible by those authorized with special access rights to such systems and that are required to keep the information confidential, subject to any additional requirements imposed by our contract with them and applicable law. As part of our privacy compliance processes, we review these security procedures on an ongoing basis to consider new technology and methods as necessary. However, please understand that our implementation of security measures as described in this Policy does not guarantee the security of your Personal Data. In the event of a security breach, we will notify the proper regulatory authorities and any affected users of the breach within 72 hours after we become aware of the breach to the extent required by applicable law.
Your Practices and Activities
Your practices and activities are likewise very important for the protection of your Personal Data. You should take certain steps to help protect your Personal Data, such as being mindful of what you share publicly on the Services, including the below.
- Do not use your real name when selecting a username.
- Do not post your real name or anything private about yourself or anyone else in public-facing areas of the Services.
- Do not pick a password that is easy to guess, and do not share your password.
Please remember that we have no control over what other users do with the content of your communications and no responsibility or obligation regarding other users.
- How do we treat Personal Data transferred to the United States?
Place of Business
We may store or process your Personal Data outside of the country where we collect the information or the country in which you reside. Our primary place of business is in the United States. You should understand that we may transfer some or all of your Personal Data to the United States to carry out certain operational and processing needs as described in this Policy.
When transferring Personal Data out of foreign countries, we implement technical, organizational, and physical safeguards to protect your Personal Data. We use European Commission approved standard contractual clauses and implement related measures where required by applicable law. Please contact us if you have questions related to the relevant transfer mechanism for your Personal Data.
- What rights do you have to your Personal Data?
Right to Access, Correct, Delete, or Restrict Processing
Subject to any limitations and exceptions under applicable law, you have the right to request access to your Personal Data and exercise the below rights.
- You have the right to correct or update certain types of Personal Data. In many cases, you can review or update your profile information by accessing your profile online.
- You have the right to request deletion of your Personal Data. If you choose to have your Personal Data removed from the Services, we will carry out your request within 30 days of verification, subject to extension, and we will only retain minimal Personal Data to document your request and the actions we took to carry out your request.
- You have the right to restrict certain processing of your Personal Data and the right to object to some types of processing of your Personal Data.
- You have the right to withdraw your consent at any time.
- You have the right to lodge a complaint regarding our collection, storage, or processing of your Personal Data with a data protection supervisory authority in the country where you live or work.
We will comply with your requests in accordance with, and subject to, applicable law. For example, we are not required to delete your Personal Data if we have an overriding legitimate ground for retaining that information, such as to prevent fraud. Please note that we are legally prohibited from carrying out requested actions in some instances, including (1) when we are unable to confirm your identity or (2) where doing so would adversely affect the rights or freedoms of others. Further, we are not required to carry out a requested action in some instances, including where the request is considered excessive.
We are Here to Help
Please email us at [email protected] with the subject line “Privacy Request” or mail your request to 701 N. 36th St., Suite 200, Seattle, WA 98103, if you would like to exercise any of the rights described above or if you have questions regarding your rights.
- Additional Notice for California, Colorado, Connecticut, Utah, and Virginia Residents
California Online Privacy Protection Act
The following applies to California residents:
- We do not track users of the Services over time and across third party websites or online services and therefore do not respond to Do Not Track signals. We are not aware of any third party that tracks users of the Services over time and across third party websites or online services. Please note that Do Not Track is a different privacy mechanism than the Global Privacy Control, a legally recognized browser-based control that indicates whether you would like to opt out of the processing of your Personal Data for certain purposes.
California Shine the Light Law
The following applies to California residents:
- California residents may request information from us concerning any disclosures of Personal Data we may have made in the prior calendar year to third parties for direct marketing purposes. If you are a California resident and you wish to request information about our compliance with this law or our privacy practices, please email us at [email protected] with the subject line “California Shine the Light Law” or mail your request to 701 N. 36th St., Suite 200, Seattle, WA 98103.
State Privacy Laws
The following applies to California, Colorado, Connecticut, Utah, and Virginia residents (in the event of a conflict between this Section 10 and any other section in this Policy, this Section 10 controls):
- Right to Know and Access: You have the right to request that we disclose certain information to you about our collection and use of your Personal Data. Once we receive and confirm your verifiable consumer request, we will disclose to you the following, to the extent retained by us:
- the categories of Personal Data we collected about you;
- the categories of sources for the Personal Data we collected about you;
- our business or commercial purpose for collecting, selling, or sharing that Personal Data;
- the categories of third parties with whom we disclose that Personal Data;
- the specific pieces of Personal Data we collected about you (also known as a data portability request); and
- if we sold or shared your Personal Data, two separate lists disclosing (1) sales, identifying the Personal Data categories that each category of recipient purchased, and (2) disclosures for a business or operational purpose, identifying the Personal Data categories that each category of recipient obtained.
- Right to Deletion: You have the right to request that we delete any of your Personal Data that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers and contractors to delete) your Personal Data from our records, unless an exception under applicable law applies. We may deny your deletion request if retaining the information is necessary for us or our service providers or contractors to:
- complete the transaction for which we collected the Personal Data, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide the Services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
- help to ensure the security and integrity of the Services to the extent the use of your Personal Data is reasonably necessary and proportionate to those purposes;
- debug the Services to identify and repair errors that impair existing intended functionality;
- exercise free speech, ensure the right of another user to exercise their free speech rights, or exercise another right provided for by law;
- comply with the California Electronic Communications Privacy Act;
- engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the Personal Data’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided consent;
- enable solely internal uses that are reasonably aligned with user expectations based on your relationship with us and compatible with the context in which you provided the Personal Data; or
- comply with a legal obligation.
- Right to Correction: You have the right to request that we correct inaccurate Personal Data. Once we receive and confirm your verifiable consumer request, we will use commercially reasonable efforts to correct the inaccurate Personal Data, taking into account to the nature of the Personal Data and the purposes of the processing of the Personal Data.
We will not discriminate against you for exercising any of your privacy rights under applicable law. Unless permitted by applicable law, we will not:
- deny you the Services;
- charge you different prices or rates for the Services, including through granting discounts or other benefits, or imposing penalties;
- provide you a different level or quality of the Services; or
- suggest that you may receive a different price or rate for the Services or a different level or quality of the Services.
Verifiable Consumer Requests
To exercise your rights described above, please email us at [email protected] with the subject line “State Privacy Rights” or mail your request to 701 N. 36th St., Suite 200, Seattle, WA 98103. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Personal Data. The verifiable consumer request must:
- provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative; and
- describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm that the Personal Data relates to you. We will only use Personal Data provided in a verifiable consumer request to verify your identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. If you have a profile with us, we will deliver our written response to that profile. If you do not have a profile with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the receipt of verifiable consumer request, unless you request a longer period of time for Personal Data we collected about you after January 1, 2022. The response we provide will also explain the reasons we cannot comply with a request, if applicable.
To appeal a decision regarding your verifiable consumer request, please submit your appeal using one of the two methods above. Your appeal should include an explanation of the reason you disagree with our decision. Within 60 days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions.
For data portability requests, we will select a format to provide your Personal Data that is readily useable, easy-to-understand, and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
- How will we notify you of changes to this Policy?
We reserve the right to change this Policy from time to time consistent with applicable law. If we make changes to this Policy, we will notify you by revising the date at the top of this Policy and provide you with additional notice such as an in-Game notice, banner on the Websites, or email notification.
- How can you contact us?
If you have questions, you may email us at [email protected] or mail your questions to 701 N. 36th St., Suite 200, Seattle, WA 98103.
If you are a law enforcement agency, please email us at [email protected] with your request for Personal Data with the subject line “Law Enforcement Request.”