Icon for Epic Games

Epic Games

Epic Games is an American game development company. It is behind the Unreal Engine and a number of popular video games.


Handling

Does the service allow third-party access to private personal data? Yes, not all parties specified

0/10

Decided Oct. 26, 2019 (revision history). This question accounts for 12% of the final score.

The policy allows sharing personal data with third-parties (not just critical service providers), and does not explicitly list the third-parties.

This may come in the form of outright data sharing or by using local third-party analytics software (such as Google Analytics, which collects a plethora of user information).

Note that whether the policy allows sharing aggregated user data does not affect this question.

If the personal data is encrypted when it passes through the third-party, it does not count as third-party access (as the data is inaccessible to that party).

If personal data has been made public by, for example, posting it to a blog, it does not count as private personal information (and is therefore not considered by this question).

Possible Options

Yes, not all parties specified0/10
Yes, all parties specified (including non-critical service providers such as advertisers)3/10
Yes, not all parties specified (but only to critical service providers)7/10
Yes, all parties specified (only to critical service providers)8/10
No10/10

Citation

We may share personal information we collect with Epic Games, Inc. subsidiaries to support the Epic services worldwide. We also will share information with service providers that perform services on our behalf and under our instructions. These service providers are not authorized by us to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. We also may share certain limited information, such as device identifiers, with advertisers and other marketing partners for purposes of gauging the effectiveness of advertising and other marketing strategies.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy allow personally-targeted or behavioral marketing? Yes

0/10

Decided Oct. 25, 2019 (revision history). This question accounts for 12% of the final score.

Possible Options

Yes0/10
Yes, but you can opt-out3.5/10
Yes, but you must opt-in7/10
No10/10

Citation

To support our legitimate interests, consistent with your rights and preferences, we use personal information: [...] To manage and customize advertisements or promotional offers.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


When does the policy allow law enforcement access to personal data? When reasonably requested

3/5

Decided Oct. 25, 2019 (revision history). This question accounts for 6% of the final score.

Possible Options

Always0/5
Not specified0/5
When reasonably requested3/5
Only when required by a court order or subpoena4/5
N/A (no personal data to share)5/5
Never (special legal jurisdiction)5/5

Citation

We may also disclose information about you: (i) if we are required to do so by law, legal process, or a reasonable request from law enforcement authorities or other government officials, (ii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity, or (iii) if necessary to protect the vital interests of another individual (such as to prevent death, bodily harm, or serious damage to property).

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow you to permanently delete your personal data? No

0/5

Decided Oct. 27, 2019 (revision history). This question accounts for 6% of the final score.

Even if there is a reasonable delay before the data is fully deleted (as is common), the data still counts as "permanently deleted" and satisfies the parameters for this question.

Possible Options

No0/5
Yes, by contacting someone3/5
Yes, using an automated mechanism5/5
N/A (no personal information collected)5/5

Citation

If you are located in the EU or Epic entities located in the EU process your personal information, then we will provide you with the ability to request access to and correction or deletion of your personal information.

Note

There is no guarantee that this functionality is provided for users outside of the EU.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Collection

Does the service collect personal data from third parties? Yes

0/10

Decided Oct. 27, 2019 (revision history). This question accounts for 12% of the final score.

This includes the use of data brokers and independent verification authorities (such as background check providers).

Possible Options

Yes0/10
Only for critical data7/10
No10/10

Citation

In some cases, other parties provide us with information about you, or allow us to collect information about you. We generally collect information from other parties in four ways: (1) you access the Epic services using a website or device that is not controlled by us, such as a game console or social network, (2) you choose to use a social feature of the Epic services, (3) you purchase one of our games or applications from another party, or (4) you use Epic services that contain or require anti-cheat services from other parties. In some cases, we are not able to control the amount or type of information that other parties like social networks, make available to us. In those cases, we use only the data that we need to provide the types of services we think our users want and expect. Although we cannot control your privacy settings at those websites or how those other parties protect your privacy, once we receive information about you through those websites, we will treat it in accordance with this policy.

Note

There is no guarantee that the data collected is used for only non-critical purposes.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy list the personal data it collects? Yes, generally

7/10

Decided Oct. 25, 2019 (revision history). This question accounts for 12% of the final score.

All general categories of collected personal data are listed, though not all types of personal data are explicitly mentioned (for example, the list might use a phrase like 'such as' when listing types of personal data).

Possible Options

No0/10
Only summarily3/10
Yes, generally7/10
Yes, exhaustively10/10
N/A (no personal information is collected)10/10

Citation

  • Technical information about your computer, device, hardware, or software you use to access the Internet or our services, such as IP address or other transactional or identifier information for your device (such as device make and model, information about device operating systems and browsers, or other device or system related specifications);
  • Usage information and statistics about your interaction with the Epic services, which may include the URLs of our websites that you have visited, URLs of referring and exiting pages, page views, time spent on a page, number of clicks, platform type, the application you used or the game you played, how long you used or played it and when, and other usage statistics;
  • Crash reports, which may be automatically generated when a game or application crashes and includes information about your system and the crash;
  • Information that facilitates a safer and more personalized experience, such as your display name or other user identification provided in connection with your application use or game play, saved preferences, game progress, and device identifiers or usage information for authentication and fraud prevention purposes;
  • The location of your device, such as may be derived from your device’s IP address.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Is it clear why the service collects the personal data that it does? Somewhat

4/10

Decided Oct. 27, 2019 (revision history). This question accounts for 12% of the final score.

This question deals with transparency. Even if the service uses data for reasons that aren't ideal for privacy, provided they list all of those uses, the service can still receive full credit for this question. However, if they are not explicit about their uses (by employing language like "such as"), a lower score is assigned.

Possible Options

No0/10
Somewhat4/10
Mostly7/10
Yes10/10
No personal data is collected10/10

Citation

The type of information that we automatically collect may vary, but generally includes:

  • Technical information about your computer, device, hardware, or software you use to access the Internet or our services, such as IP address or other transactional or identifier information for your device (such as device make and model, information about device operating systems and browsers, or other device or system related specifications)

  • Usage information and statistics about your interaction with the Epic services, which may include the URLs of our websites that you have visited, URLs of referring and exiting pages, page views, time spent on a page, number of clicks, platform type, the application you used or the game you played, how long you used or played it and when, and other usage statistics

  • Crash reports, which may be automatically generated when a game or application crashes and includes information about your system and the crash

  • Information that facilitates a safer and more personalized experience, such as your display name or other user identification provided in connection with your application use or game play, saved preferences, game progress, and device identifiers or usage information for authentication and fraud prevention purposes

  • The location of your device, such as may be derived from your device’s IP address

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the service allow the user to control whether personal data is used or collected for non-critical purposes? On an opt-out basis, but only for some non-critical data/uses

1.5/5

Decided Oct. 27, 2019 (revision history). This question accounts for 6% of the final score.

Some services allow users to opt-out or opt-in to of non-critical collection or use of personal data, such as collecting data for personalized advertisements.

Possible Options

No0/5
On an opt-out basis, but only for some non-critical data/uses1.5/5
On an opt-out basis, for all non-critical data/uses3/5
N/A (no data used for non-critical purposes)5/5
On an opt-in basis5/5

Citation

We provide you with choices about whether to provide us with personal information and whether it is shared. For example, we may seek your prior consent for certain processing. We are required to seek your consent before we use your personal information for any purpose incompatible with the purposes identified in this policy. You may withdraw your consent at any time by sending an email as specified in the “How to Contact Us” section below. Any withdrawal of consent is only effective on a going-forward basis and will not impact processing we undertook while relying on your consent.

Note

Phrases like "certain processing" are vague, and there is no guarantee that the opt-outs they provide cover all non-critical data uses.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Transparency

Does the policy require users to be notified in case of a data breach? No

0/7

Decided Oct. 26, 2019 (revision history). This question accounts for 8% of the final score.

Note that all companies operating in the EU are subject to Art. 33 of the GDPR, which requires companies to notify their data protection authority of a data breach within 72 hours of discovering it.

Possible Options

No0/7
Yes, eventually5/7
Yes, within 72 hours7/7
N/A (the service collects so little personal data that notification would not be possible)7/7

Note

Is not mentioned

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Will the affected users be notified when the policy is meaningfully changed? No

0/5

Decided Oct. 26, 2019 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Yes5/5
N/A (no personal data—or contact information—collected)5/5

Citation

Please review this policy every time you access or use the Epic services to make sure that you have reviewed the most recent version.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Is the policy's history made available? Only the date it was last modified

3/5

Decided Oct. 25, 2019 (revision history). This question accounts for 6% of the final score.

Possible Options

No0/5
Only the date it was last modified3/5
Yes, with revisions or a change-log5/5

Citation

This policy may be updated periodically to reflect changes in our personal information practices or relevant laws. We will indicate at the top of this policy when this policy was last updated. Please review this policy every time you access or use the Epic services to make sure that you have reviewed the most recent version.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.


Does the policy outline the service's general security practices? Somewhat

1/3

Decided Oct. 27, 2019 (revision history). This question accounts for 4% of the final score.

The policy provides only a very vague overview of its security practices.

Possible Options

No0/3
Somewhat1/3
Yes2/3
Yes, including audits2.5/3
N/A (no personal data collected)3/3
Yes, including independent audits3/3

Citation

We maintain appropriate administrative, technical, and physical safeguards to protect your personal information from accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use and other unlawful forms of processing. In some cases, your information is accessible when you log into a feature we offer, and in those cases you need to keep your user credentials and password confidential and secure so that your information is protected.

Click here to suggest a change or to flag this conclusion as incorrect, or here for more information.



Warnings

Epic Games has no warnings published on PrivacySpy. PrivacySpy publishes warnings when it learns a service has announced a data breach or is found misusing user data. If you believe a warning should be published for Epic Games, submit one here.


Highlighted Policy Snapshot ALPHA

No highlighted policy snapshot has been created for this privacy policy. To view the policy at its original location, click here.

2.3/10

How we calculate ratings →


Version Added

Oct. 25, 2019

Ratings Updated

Oct. 27, 2019

Warnings

0

Maintained by

Miles, yaagesoft

Original Location
Open in New Tab
Other Versions