PRIVACY POLICY

Super League Gaming, Inc. (“SLG”) makes reasonable efforts to protect the privacy of your personal information. This Privacy Policy was created to demonstrate our commitment to fair information practices. This Privacy Policy covers SLG’s use of personal information that we collect in the normal course of our business, when you use our corporate websites (www.superleague.com, www.framerate.gg, and www.minehut.com) and when you otherwise interact with us, including when you attend events hosted or attended by SLG and when you contact us for support (collectively, the “Services”).

In addition to covering how we collect, use, disclose, transfer, and store your information, this policy also discloses our purpose and lawful basis for processing your information, and your related rights. Our legal basis for collecting and using personal information will depend on the personal information concerned and the specific context in which we collect it. In most cases, the lawful basis will be that the processing:  (i) is necessary for our legitimate interests in carrying out our business with you, including direct marketing, provided those interests are not outweighed by your rights and interests, or (ii) is necessary to perform a contract with you. Where processing is based on your consent, we will identify the processing purposes and provide you with relevant information to make the processing fair and transparent. If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place.

SLG may update this Privacy Policy from time to time. In the event we make any material changes to this Privacy Policy, we will notify you by email or by posting the revised policy on our corporate websites noted in the initial paragraph. When we update this Privacy Policy, we will note the date the most recent revision was posted below, at the end of the policy. Any revisions will become effective upon (7) calendar days following such posting on our corporate websites.

  1. Definitions

In this policy the following words have the following meanings:

 “Data Protection Laws” means any Applicable Law relating to the processing, privacy, and use of Personal Data, including (a) in the United Kingdom, (i) the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003, SI 2003/2426, and any laws or regulations implementing Directive 95/46/EC (Data Protection Directive) or Directive 2002/58/EC (ePrivacy Directive); and/or (ii) the General Data Protection Regulation (EU) 2016/679 (GDPR), and/or any corresponding or equivalent national laws or regulations (Revised UK DP Law) (b) in member states of the European Union, the Data Protection Directive or the GDPR, once applicable, and the ePrivacy Directive, and all relevant member state laws or regulations giving effect to or corresponding with any of them; and (c) any judicial or administrative interpretation of any of the above, any guidance, guidelines, codes of practice, approved codes of conduct or approved certification mechanisms issued by any relevant Supervisory Authority;

“Personal Data” means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and where referred to in this policy includes special categories of Personal Data.

  1. Information we collect from you

Depending on the context in which you interact with us, SLG may collect or receive the following information:

    1. Account and Profile Information: When registering on our Web site, users must provide their email address, their age, a username and select either “Parent” or “Gamer”. Those items are the only information required by our registration process, and we do not require users under the age of 13, or any users, to disclose more information than is reasonably necessary to participate in an activity. Once registered, each user over the age of 13 has the option, but is not required, to complete an account profile with any of the following additional information: first name, last name, street address, city, state/province/region of residence, and country of residence. Users under the age of 13, or their parents on their behalf, may optionally provide their name, create a SLG profile name, and/or provide their username(s) on third-party gaming platforms (such as Minecraft). Our Web site includes in-site communications tools (e.g., forums, comments, or chat), where it is possible for users to provide personal information that is visible to other users. Parents or guardians of children under 13 should note our in-site communications tools permit a child user to post text or media (including photographs or video) through which the child could provide personal information that would be visible to other users. Additionally, at our in-person or in-theater events, we, our third-party partners, the media, and/or other SLG members may wish to take photos, videos, or audio recordings of those in attendance. When you use our Web site to purchase items, pay for attendance at events, or provide verifiable parental consent to our use of personal information for those under the age of 13, we also require your billing information, such as a credit card number and billing address.
    2. Service Information: When you use our Services, we receive information generated through the use of the Services, either entered by you or others who use the Services, or from the Services infrastructure itself. This information may include, but is not limited to, name, username, company/organization, company/organization address, email address, phone number, IP address, MAC address, latitude, longitude, device name(s), device ID(s), and directory ID or other information you place within the Services.
    3. Performance and Usage Data: We may collect statistical, usage, configuration, and performance data of the Services to monitor the performance, integrity, and stability of the Services. Further, we may use and disclose this information for any purpose, provided that such data is first de-identified.
    4. Payment Information: We use third party payment processors to process payments made to us. In connection with the processing of such payments, we do not retain any personally identifiable information or any financial information such as credit card numbers. Rather, all such information is provided directly to our third-party processors whose use of your personal information is governed by their privacy policies. The privacy policies of our current third-party processors may be viewed at www.msoffice365.email/privacy-policy, www.aws.amazon.com/privacy, www.automattic.com/privacy/, https://airtable.com/privacy-previous, and www.mailchimp.com/legal/privacy.
    5. Information from Third Parties: We receive information from third party business partners such as the contact details of prospects and sales leads. In addition, we collect information from public databases or other data you may have made publicly available, such as information posted on professional networks and social media platforms.
    6. Location Information: Some of our applications collect general location information based on IP address. This information is used to customize the services provided to you, such as location-based information of specific managed devices. Location information is only viewable by the end user. We do not use, disclose, or sell location information for the purposes of providing targeted marketing or advertisements.
  1. Information we collect from children

The Children’s Online Privacy Protection Act of 1998 and its rules (collectively, “COPPA”) require us to inform parents and legal guardians (as used in this policy, “parents“) about our practices for collecting, using, and disclosing personal information from children under the age of 13 (“children“). COPPA and the GDPR also require us to obtain verifiable consent from a child’s parent for certain collection, use, and disclosure of the child’s personal information.

Parents of users under 13 years old:

As a matter of policy, SLG does not collect personal information from any person under the age of 13.  To ensure we comply with this policy, we utilize industry-accepted means of gating new users as they interact with us.  If this policy were to change at any time in the future, SLG is committed to obtaining verifiable parental consent before collecting, using, or sharing any personal information from children under the age of 13. This would work as follows: Our account registration process screens users for age. Those under the age of 13 would be instructed to involve their parent or guardian in the registration process, and we would obtain the parent or guardian’s email address. SLG would then send direct notice to the parent or guardian via an email that advises the parent or guardian of the following:

1) that SLG will collect their online contact information to give them notice and subsequently update them about their child’s participation in our website;

2) that SLG wishes to collect personal information from their child;

3) that their consent is required for the collection, use, and disclosure of this information;

4) what information will be collected, and how it might be disclosed to others;

5) that this Privacy Policy describes our information use, collection, and deletion practices;

6) that consent can be given via a credit card transaction or by signing and returning a form; and

7) that if consent is not given within a reasonable time, SLG will delete the parent’s email address from its records.

Through a link in the email, the parent or guardian is taken to a web page where he or she confirms receipt of the direct notice we sent via email, and provides verifiable parental consent by permitting us to charge a small amount to the parent’s or guardian’s credit card, debit card, or other online payment system that provides notification of each discrete transaction to the primary account holder.

We verify the payment method by charging a small, nonrefundable fee to that account. This is the most common method allowed by law for obtaining verifiable parental consent. It costs us more to process the transaction than the amount the payment method is charged, and we do not make any money from the transaction. Alternatively, the direct notice we send parents and guardians also directs them to a downloadable consent form that can be printed, signed, and sent back to us via mail or electronic scan to:

Super League Gaming, Inc.

2906 Colorado Ave.

Santa Monica, CA 90404 USA

info@superleague.com

phone: (802) 294-2SLG (2754)

Parents or guardians of children under 13 can agree to our collection and use of their child’s information, but still opt out of our disclosure of such information to our partners. Parents or guardians may opt out of such disclosure when providing their consent, or by contacting us directly.

Parents or guardians of children under 13 can review their child’s personal information, direct us to delete it, and refuse to allow further collection or use of the child’s information by contacting us directly at the address or number listed above. When deletion is requested, we ensure that a child’s personal information is deleted in a manner that safeguards against a security breach and protects against its unauthorized access or use, though it is possible the information may persist as residual copies or in our backup systems for some time after we have directed its deletion.

If we make any material change in the collection, use, and disclosure practices described here, in addition to updating this Privacy Policy, if you are a parent or guardian of a child under 13 years old we will contact you at the email address we used to provide you with direct notice of our information collection, use, and retention practices in order to notify you of any such change.

Law Enforcement; Safety: We may access, preserve, and/or disclose the information we collect and/or content you and/or your child provides to us (including information posted to our in-site communications tools) to a law enforcement agency or other third parties if required to do so by law or with a good faith belief that such access, preservation, or disclosure is reasonably necessary to: (i) comply with legal process; (ii) enforce SLG’s Terms of Use or other agreements; (iii) respond to claims that the content violates the rights of third parties; or (iv) protect the rights, property, or personal safety of the owners or users of SLG, a third party, or the general public. We also may disclose information whenever we believe disclosure is necessary to limit our legal liability; to protect or defend our rights or property; or protect the safety, rights, or property of others.

In-Site Communications Tools:

Our Web site includes various in-site communications tools (e.g., forums, comments, or chat). Parents of children under 13 should note our in-site communications tools permit a child user to post text or media (including photographs or video) through which the child could provide personal information that would be visible to other users. Please be aware that anyone may read postings on certain in-site communications tools. Any information which is posted to such in-site communications tools could include personal information, which would be disclosed and available to other users of that tool and would not therefore be private. SLG cannot guarantee the security of information that any user discloses or communicates online in public areas. Those who do so, do so at their own risk. We reserve the right to monitor the content of our in-site communications tools. If age inappropriate material or potentially identifiable information is seen, it may be removed or edited by us for security, privacy and/or legal reasons. We will not republish postings from our in-site communications tools elsewhere on the Web.

  1. Use of collected information.
    1. We will only use your Personal Data to the extent the law allows us to do so. Under the GDPR we rely on the following legal bases for processing your Personal Data:
      1. where you have given us your consent;
      2. where it is necessary to perform a contract, we have entered into or are about to enter into with you; and
      3. where it is necessary for the purposes of our legitimate interests (or those of a third party) and your interests or fundamental rights and freedoms do not override those interests.
    2. We use information held about you in the following ways:
      1. processing of an enquiry received from you; and
      2. processing a request for further information or in response to you expressing an interest in one or more of our products or services.
    3. We will use information you give to us:
      1. to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
      2. to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
      3. to provide you, or permit other SLG companies to provide you, with information about goods or services related to your enquiry;
      4. to notify you about changes to the Services; and
      5. to ensure that content from our site is presented in the most effective manner for you and for your computer.
    4. We will use information we collect about you:
      1. to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
      2. to improve our site to ensure that content is presented in the most effective manner for you and for your computer; and
      3. as part of our efforts to keep our site safe and secure.
    5. We may combine information we receive from other sources with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
  1. Disclosure of your information
    1. You agree that we have the right to share your Personal Data with:
      1. Selected third parties including business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you; and
      2. Analytics and search engine providers that assist us in the improvement and optimization of our site.
    2. We will not disclose your personal information to third parties except:
      1. In the event that we sell or buy any business or assets, in which case we will disclose your Personal Data to the prospective seller or buyer of such business or assets.
      2. If SLG or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets.
      3. If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce other agreements; or to protect the rights, property, or safety of SLG, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
  1. Where we store your Personal Data
    1. All information you provide to us is stored on our secure servers. In addition, we use Auth0 for universal identity access authentication of all SLG users, and Auth0 stores all SLG user identification in connection with providing its GDPR compliant service to us.
    2. Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
  1. Retention of Personal Data
    1. We will only retain your Personal Data for as long as necessary to fulfil the purposes for which we collected your Personal Data.
    2. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of that Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
  1. Your rights under GDPR. Under certain circumstances, you have the right to:
    1. Request access to your Personal Data (commonly known as a “subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
    2. Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
    3. Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data in certain circumstances.
    4. Object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
    5. Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Persona Data about you, for example if you want us to establish its accuracy or the reason for processing it.
    6. Request the transfer of your Personal Data to another party.
      1. If you want to review, verify, correct or request erasure of your Personal Data, object to the processing of your Personal Data, or request that we transfer a copy of your Personal Data to another party, please contact us as indicated in the Contact section of this Policy.
      2. Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any Personal Data to these websites.
    7. To exercise any of the above rights, you can contact SLG using the information in Section 13 below. You may also have the right to make a GDPR complaint to the relevant Supervisory Authority. A list of Supervisory Authorities is available here:  http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
  1. Privacy Shield Frameworks for EU, United Kingdom, and Swiss Individuals

For individuals covered by Privacy Shield, SLG complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries (including Iceland, Liechtenstein, and Norway), the United Kingdom, and Switzerland transferred to the United States pursuant to Privacy Shield.  SLG has certified that it adheres to the Privacy Shield Principles with respect to such data. If there is any conflict between the policies in this privacy policy and data subject rights under the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, SLG is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

    1. Pursuant to the Privacy Shield Frameworks, EU, United Kingdom, and Swiss individuals have the right to obtain our confirmation of whether we maintain personal information relating to you in the United States. Upon request, we will provide you with access to the personal information that we hold about you.  You may also correct, amend, or delete the personal information we hold about you.  An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data transferred to the United States under Privacy Shield, should direct their query to data@superleague.com. If requested to remove data, we will respond within a reasonable timeframe.
    2. We will provide an individual opt-out or opt-in choice before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to data@superleague.com.
    3. In certain situations, we may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
    4. SLG’s accountability for personal data that it receives in the United States under the Privacy Shield and subsequently transfers to a third party is described in the Privacy Shield Principles. In particular, SLG remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless SLG proves that it is not responsible for the event giving rise to the damage.
    5. In compliance with the Privacy Shield Principles, SLG commits to resolve complaints about your privacy and our collection or use of your personal information transferred to the United States pursuant to Privacy Shield. European Union, United Kingdom, and Swiss individuals with Privacy Shield inquiries or complaints should first contact us by email at data@superleague.com or using the mailing address listed below.
    6. SLG has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. This service is provided free of charge to you.
    7. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. If your Privacy Shield complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See Privacy Shield Annex 1 at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
    8. For this Privacy Policy and its content, SLG is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). If SLG becomes subject to an FTC or court order based on non-compliance with this policy or Privacy Shield, SLG shall make public any relevant Privacy Shield related sections of any compliance or assessment report submitted to the FTC, to the extent consistent with confidentiality requirements.
  1. Non-EU/Non-United Kingdom/Non-Switzerland Individuals

SLG commits to resolve complaints about your privacy and our collection or use of your personal information. Non-EU/Non-United Kingdom/Non-Switzerland individuals with inquiries or complaints regarding this privacy policy please contact us as indicated in the Contact section of this Policy.

  1. Agreement to Arbitrate

Except for individuals covered by Privacy Shield, in the event of a dispute between you and SLG arising under or relating to the Privacy Policy, either party may choose to resolve the dispute by binding arbitration, as described below, instead of in court (the “Arbitration Agreement”). California law shall govern. Any claim (except for a claim challenging the validity or enforceability of this arbitration agreement, including the Class Action Waiver) may be resolved by binding arbitration if either side requests it. THIS MEANS IF EITHER YOU OR SLG CHOOSE ARBITRATION, NEITHER PARTY SHALL HAVE THE RIGHT TO LITIGATE SUCH CLAIM IN COURT OR TO HAVE A JURY TRIAL. ALSO, DISCOVERY AND APPEAL RIGHTS ARE LIMITED IN ARBITRATION.

  1. Class Action Waiver

EXCEPT FOR INDIVIDUALS COVERED BY PRIVACY SHIELD, ARBITRATION MUST BE ON AN INDIVIDUAL BASIS. THIS MEANS NEITHER YOU NOR SLG MAY JOIN OR CONSOLIDATE CLAIMS IN ARBITRATION BY OR AGAINST OTHER INTERESTED PARTIES OR LITIGATE IN COURT OR ARBITRATE ANY CLAIMS AS A REPRESENTATIVE OR MEMBER OF A CLASS OR IN A PRIVATE ATTORNEY GENERAL CAPACITY.

  1. Governing Law and Rules for Arbitration.

Except for individuals covered by Privacy Shield, the Arbitration Agreement is governed by the Federal Arbitration Act (FAA). Arbitration must proceed only with the American Arbitration Association (AAA) or Judicial Arbitration and Mediation Services (JAMS). The rules for the arbitration will be the procedures of the chosen arbitration organization. If the organization’s procedures change after the claim is filed, the procedures in effect when the claim was filed will apply. Arbitration hearings will take place in Los Angeles, California. A single arbitrator will be appointed. The arbitrator must:

    • Follow all applicable substantive law, except when contradicted by the FAA;
    • Follow applicable statutes of limitations;
    • Honor valid claims of privilege; and
    • Issue a written decision including the reasons for the award.

The arbitrator’s decision will be final and binding except for any review allowed by the FAA. However, if more than $100,000 was genuinely in dispute, then either you or SLG may choose to appeal to a new panel of three arbitrators. The appellate panel is completely free to accept or reject the entire original award or any part of it. The appeal must be filed with the arbitration organization not later than 30 days after the original award issues. The appealing party pays all appellate costs unless the appellate panel determines otherwise as part of its award. Any arbitration award may be enforced (such as through a judgment) in any court with jurisdiction.

  1. Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to us at:

Super League Gaming, Inc.

Attn: Data Protection Officer

2906 Colorado Ave.

Santa Monica, CA 90404

E-mail:  legal@superleague.com

Dated:  October 22, 2019