Privacy Policy

 

Revision date: 01/31/24 

Preamble 

Maintaining your privacy is important for the Asmodee Group.  

This Policy on personal data protection forms an integral part of the General Conditions of Use. The definitions contained in the latter document therefore similarly apply to this Policy. 

The purpose of the Policy is to notify visitors (i.e. anyone simply viewing the Products and Services offered online), Users (i.e. anyone registered to the site) (collectively hereafter referred to as “You”) of the website hobbynext (hereafter the “Site”) about the process employed by Financière Amuse Bidco, a French company having its registered office at 18 rue Jacqueline Auriol, Quartier Villaroy - 78280 Guyancourt, RCS registration of Versailles under number 815 143  (hereafter “us” or “we”), a subsidiary of the Asmodee Group, for the processing of your personal data (hereafter “Personal Data” or “Data”), including the rights You enjoy in this regard. 

Financière Amuse Bidco complies with all applicable laws in order to protect your privacy, including the CCPA (California Consumer Privacy Act), the GDPR (General Data Protection Regulation of the EU) and the UK GDPR (General data Protection Regulation of the UK), where such legislation applies to You.  

If You are not in agreement with the Policy and practices set out below, You may decide not to use our Site. 

MAIN FEATURES OF THE POLICY 

Information collected 

We collect information about You whenever You use the Site or interact with us. 

In addition to the information declared by You (e.g. when creating an account, when playing our games or if You subscribe to our loyalty programme), certain information is automatically collected, generated or deduced by our systems (e.g. Your logon data). 

We invite you to keep us regularly informed in writing of any change in your contact details. 

Utilisation 

We use this information to provide You with the Services and Products requested on our Site. 

This information also enables us to gain a better understanding of your preferences and to send You customised offers about our Products and Services, subject to obtaining your consent whenever required. 

Recipients 

The information will be forwarded to our service providers whenever necessary to provide You with the requested Product or Service, and/or to any of our affiliated companies. 

Transfer 

Data may be transferred outside the EU due to the organisational structure or physical location of certain of our service providers (hosting companies, payment or security service providers, etc.). 

For further information, please click here. 

Your options and rights 

In order to exercise your rights of Data access and rectification, or to find out about the other rights You enjoy under data protection legislation, please click here. 

Contact us 

For any questions or complaints You may have in relation to the Policy, please use the following contact addresses: 
- Via e-mail: donneespersonnelles-bidco@asmodee.com 

 - Via post: FINANCIERE AMUSE BIDCO, 18 rue Jacqueline Auriol, Quartier Villaroy - 78280 Guyancourt 

Definitions 

The following terms used in the Policy in either their singular or plural form have the following definitions: 

Temporary Storage: means transfer of Personal Data which is of administrative significance to us (e.g. in the case of a dispute and/or legal obligation) to a logically or physically separate database and, in all circumstances, subject to restricted access. Such storage represents an intermediate stage prior to the deletion or anonymisation of the Personal Data in question; 

Account: means the unique account accessible on the website asmodee.net via the User’s personal and confidential login data, which may not be communicated to any third party; 

Personal Data: means any information about or which identifies a given person, including information designated as “personally identifiable information” or “personal information” under any applicable data confidentiality law or regulation. 

Applicable Law: means all applicable laws, regulations and other requirements. This includes the General Data Protection Regulation (Regulation (EU) 2016/679, or GDPR), the equivalent requirements in the UK, including the 2018 UK General Data Protection Regulation (UK GDPR) and the California Consumer Privacy Act (CCPA). 

Asmodee Group: means  

1. The company Financière Amuse BidCo, the parent company of the Asmodee Group, having its registered office at 18, rue Jacqueline Auriol, 78280 Guyancourt, France; 

2. All companies and other entities directly or indirectly controlled by Financière Amuse BidCo, a list of which is regularly updated and made available on our corporate website; 

Platform: means the platform accessible from the website XX; 

Policy: means this privacy policy; 

Product: means the physical products marketed on the Asmodee Platform and via its Partners' Applications, notably games; 

Service: means any service offered on the Platform, including access to chat rooms and/or newsgroups and discussion areas where Users may exchange information, access online games, online tournaments and create content (avatars, game scenarios, stories, suggestions, comments, etc.); 

User or You: means the natural person whose minimum age is defined in local legislation, who is browsing on the Platform from their Terminal and whose Personal Data processing is governed by the Policy. Where the User is below the required age, they guarantee to have obtained parental consent for the processing of their Personal Data; 

Terminal: means the hardware (computer, tablet, smartphone, phone, etc.) employed by the User in order to use the Platform or Products. 

Scope 

Financière Amuse Bidco, having its registered office at 18, rue Jacqueline Auriol, 78280 Guyancourt, RCS Versailles registration number 818 058 216, is the data controller of your Personal Data. 

Useful information! 
You are probably unaware that, when You log in to your AsmoConnect account from our Site or subscribe to our newsletter, your Personal Data is processed by Asmodee Digital, where each party acts as data controller for its own legitimate purposes. In summary: 

• We process your Data for all the purposes described below; 
• Asmodee Digital processes your Data for marketing purposes and to provide You with the benefits of unique authentication. 

Third parties wishing to know your main interests to constitute similar audiences and target prospects that match your profile. In the context of this specific data processing, XXX is not the Data Controller relating to prospecting and you will not be subject to prospecting, your data is only used to constitute profiles similar to yours.  

Minimum age 

Maintaining the security and privacy of children is very important to us. We neither deliberately collect nor exploit the Personal Data of persons below the minimum age defined in local legislation (e.g. 15 in France), unless with the consent of the child and the holder of parental authority. 

You therefore also confirm to have reached the minimum age when You provide us with your Personal Data in relation to your utilisation of our Products and Services. If You are under below the minimum age, You must request permission from your parent or legal guardian to provide us with your Personal Data. To this end, please contact us as specified in the section below entitled “Contact and complaints”. 

What Personal Data do we collect?  

Personal Data given to us by You directly 

We collect the following Personal Data: 

•  Identification data, such as your gender, surname, username, first name, pseudonym, date of birth, internal customer identifier and, as applicable, loyalty card number. Certain Data, such as your pseudonym, are made public to enable the community to locate You within our Services. 
• Login data such as your e-mail address in order to create an account and to connect You to your account, your country of residence and postcode. 
• Data relating to the profile You have created (avatar, gender, preferred colour, languages spoken and game preferences).  
• Data voluntarily forwarded by You to us in order to receive our newsletter, to benefit from early access to our games, to use our development tools (Beta Test), to participate in competitions or when You contact us via Customer Services.  
• Data when You register for a competition: surname, first name, user name and e-mail and postal addresses. 
• Your dietary requirements for tournaments where we provide meals. 

• Any other information about the provision of our Services and in order to satisfy your requirements. 

We do not collect any “sensitive” Personal Data within the meaning of applicable laws on Personal Data protection, notably Data about your state of health or which may reveal your claimed racial or ethnic origin, your political opinions, your religious or philosophical beliefs or your membership of a trade union. 

Personal Data collected by us automatically  

Every time You visit our Site, we automatically collect (with your consent, as and when required) certain Personal Data or Data relating to your computer or other device, through the utilisation of cookies. Such information notably includes:  

• The IP address automatically assigned to your computer when You use the internet;  

• The type of web browser You use;  

• The type of operating system You use to access the Site;  

• The domain name of your internet service provider;  

• Your originating webpage;  

• Your country of residence and language;  

• The pages and options You visit and which You access on our Site, including the time spent on such pages;  
• Your gaming experience, duration, times of use, tryouts, progression, results and saved preferences. 

Whenever You access, visit and/or use the Site, we may therefore monitor your visit and collect certain Data about your use of the Products and Services and your activity on the Site. For further information about our use of cookies, please refer to our Cookies Policy by clicking HERE.  

What use do we make of the information collected and for how long will it be retained? 

In accordance with applicable data protection laws, we only collect Personal Data if we have a legal basis for such action. 

Personal Data is collected on the basis of: 

• Pre-contractual measures or for the purpose of contract execution; or 
• Your consent; or 
• Our legitimate interests; or 
• Enabling us to comply with our legal obligations. 

We draw your attention to the fact that certain Data may be retained for periods longer than those stated below in order to enable us to meet our legal obligations, to defend our rights should any action for liability be taken against us or to exercise our judicial rights. In any such case, your Personal Data will be stored and retained for the period specified in applicable regulations or for the applicable period of statutory limitation. 

Once your Personal Data is no longer required, we will ensure that it is deleted or anonymised. 

Purpose	Legal basis	Retention period
Creation and administration of My account customer accounts Managing the public profile, your wish lists User authentication	Execution of a contract	Retention of Data required to manage the account until its removal. The following will be retained for 3 years as proof of removal: surname, first name, e-mail address, account removal date and channel, from the date of removal.
Detection, prevention and fight against fraud and cybercrime Security of our Site	Execution of the service (contract) Legitimate interest (measures to combat piracy, fraud, cybercrime, etc.)	Retention during the period of an alert being considered to constitute fraud: 12 months from the date of the alert; alerts not classified after a period of twelve (12) months will be deleted. Alerts classified as fraud will be retained for a maximum period of five (5) years after the fraud file has been closed.
In preparation of and/or during a commercial operation such as merger, acquisition, reorganisation or sale within the Asmodee Group, Embracer or their various entities, or any third-party company	In any such case, we undertake to notify You of the name of the relevant company, the purposes for which your Data will be used and, if required in law, to obtain your prior consent.	During the period of due diligence and until signature of the contract.
Responding to requests for exercise of your rights	Legal obligation	1 year from receipt of the request.

Where processing is based on our legitimate interests, we will take into account all potential effects that exploitation of your Data could have on You. Where we believe your interests or fundamental rights and freedoms prevail over our legitimate interests, we will not use your Personal Data on this basis and will ask for your specific consent. 

We do not use Personal Data for any purpose incompatible with the reason for it originally having been collected, unless subsequently approved by You. 

For Data processing performed via cookies and trackers, please refer to our cookies policy HERE.  

With whom do we share your Personal Data? 

We communicate your information, including if possible in a form that does not allow a direct identification, to: 

Recipients internal to the Asmodee Group 

• Authorised personnel from the marketing department, departments responsible for customer relations and sales  

development, the administration and legal departments, the logistics and IT departments and their line managers;  

• Other Asmodee Group companies acting as processors according to our instructions and solely on our behalf, or as joint controllers to provide you with the same personalized service worldwide. 

External recipients 

• The authorised personnel of our service providers, including third parties in charge of managing our communications and alerts, third parties who assist us in the organization of our events, third parties providing IT services, digital communication and public relations agencies; 
• Your Data on forums and blogs;  

•  Please note that these third-party partners may act as data controllers; in such cases, they have their own privacy policies.  

These third parties include: 

• Third parties in the event of a change of control, for legal reasons, or with your prior consent 

• Third parties or other Asmodee entities wishing to know your main interests to constitute similar audiences and target prospects that match your profile. In the context of this specific data processing, Financière Amuse Bidco is not the Data Controller relating to prospecting and you will not be subject to prospecting, your data is only used to constitute profiles similar to yours 

Please note that this list is not exhaustive and there may be other circumstances in which we share your Data with third parties, provided it is in the legitimate interests of Asmodee, or permitted under applicable laws or is necessary to enable us to comply with our legal obligations. 

In this context, your Personal Data may be transferred outside the European Economic Area (EEA) to countries that do not provide the same level of protection as that provided within the EEA, such as China and Canada. In the absence of a decision of adequacy being issued by the European Commission, any such transfer of your Personal Data will be governed by standard contractual clauses adopted by the European Commission. You may contact us in order to obtain a copy, although certain details may be omitted for confidentiality reasons. 

Note for Quebec Residents and California Residents: We do not share or sell your data to third parties for separate commercial purposes. However, the meaning of “sale” and “share” under the California Privacy Rights Act (CPRA) is broad and may include sharing information with third parties through cookies and other trackers that we use for performance purposes, targeted advertisements, and social media purposes, as described above. Information disclosed to such third parties includes basic identification information, device information and other unique identifiers, internet activity, and commercial data.  Financière Amuse Bidco uses cookies and other trackers, for purposes defined in our cookies policy.  

You have the right to accept or reject all cookies except strictly necessary cookies (this option will opt you out of all “sales” and “sharing” as defined by CPRA for cross-context behavioral or targeted advertising and of “profiling” cookies as defined in Quebec). To opt-out of all or selected cookies, please visit the Your Privacy Choices / Cookies. 

Is any Personal Data transferred outside the European Union? 

We conduct our business worldwide and may transfer your Personal Data to other companies of the Asmodee Group or to partners in any geographical location. We want You to enjoy the best possible service and customer experience, whether online or in person, wherever You may be located in the world. Consequently, we may share your Personal Data with partners located outside the country in which You shared such Data with us for the first time. In any such case, we will always act in compliance with the purposes set out in this Privacy Policy.   

In addition to establishing this Policy, the Asmodee Group also implements appropriate measures to ensure that your Personal Data is securely transferred to an Asmodee entity or external recipient located in a country offering a different level of protection to that of the country in which your Personal Data is collected. Where the recipient is located in a country where the legislation has not been covered by an adequacy decision issued by the European Union, we will ensure that the transfer is governed by standard contractual clauses of the European Commission which guarantee an adequate level of protection of privacy and fundamental personal rights, or equivalent guarantees, and/or appropriate technical and organisational measures. 

How do we protect your Personal Data? 

The security of your Personal Data is very important to us. The Personal Data collected on our Site is processed in line with secure protocols which considerably limit the risks of Data being intercepted or accessed by third parties.  

We notably use a range of protection technologies, such as encryption, authentication and fraud detection systems in order to protect your online account and payment transactions. 

Covered by written commitments, we ensure that service providers and data controllers provide guarantees and implement adequate security measures in order to protect the Personal Data entrusted to them for processing, in accordance with applicable personal data protection law. 

Due to the open nature of the internet, however, we are unable to exclude the possibility of piracy or unauthorised access by third parties. You accept these risks by continuing to use our Site. Within the limits of what is permitted under applicable laws, we reject all liability for any direct or indirect damage or loss You may suffer, or costs You may incur, due to any unauthorised access, loss or corruption of your Personal Data, including as a result of negligence. 

Password security: We take all necessary measures to ensure that the password associated with your Account is stored securely (encryption via a strong and single flow direction algorithm). 

However, password security also depends on its form. In order to be valid, we remind You that your password must be sufficiently complex and difficult to guess, even by someone who knows You well. When creating your AsmoConnect account via the internet, we offer You a password quality analysis tool and ask You to follow its recommendations.