ZENIMAX MEDIA ONLINE PRIVACY NOTICE

ZENIMAX MEDIA ONLINE PRIVACY POLICY

Last Updated: January 27, 2020


This ZeniMax Media Online Privacy Policy (“Policy”) describes how ZeniMax Media Inc. and our affiliates and subsidiaries (collectively, “ZeniMax,” “we” or “us”) collect, use and otherwise process the personal information we collect about our about customers, purchasers, subscribers, and/or users (each a “User”) of our mobile applications, games, websites and other online services (collectively, our “Services”).


Overview of Our Collection and Use of Personal Information


This table provides an overview and is intended to summarize key information about our information practices, which are further explained in our Privacy Policy below.  The actual information we collect about you and the use of such personal information will vary depending upon the nature of our relationship and interactions with you.

Categories of personal information collected

Uses of personal information

Name, contact info and other identifiers (e.g., name, email, address, username and alias; UID, BUID, device id, third party platform identifiers and account details (e.g., Playstation, Xbox, Steam, Facebook), and other online or unique identifiers)

  • Providing our Services and related support

  • Protecting the integrity of the Services

  • Analyzing and improving the Services and our business

  • Personalizing the Services

  • Advertising, marketing and promotional purposes

  • Securing and protecting our business

  • Defending our legal rights

  • Auditing, reporting, corporate governance, and internal operations

  • Complying with legal obligations

Paper and electronic customer records (e.g., your account and profile, which contains personal information, such as username, name, demographics and other characteristics or descriptions, email, address, telephone number, and other contact information, account credentials, communications preferences, and customer service and support tickets and other records)

Purchase history and tendencies (e.g., information about your subscriptions current and past payments and purchases, and your purchase tendencies)

Usage data (e.g., usage and preference details related to your use of the Services, such as language, in-game purchases, game-play statistics, scores, persona, characters, achievements, rankings, time spent playing, click paths, game profile, preferences and friends)

Geolocation data (e.g., for mobile games users)

Audio, video and other electronic data (e.g., call recordings of customer support calls, and User photos submitted to the Services)

Profiles and inferences (e.g., profiles based on your account and activities, that reflect your preferences, characteristics, and abilities related to the Services)

ESRB Privacy certification.  ZeniMax values the importance of your privacy and has received the ESRB Privacy Certification. ZeniMax is a valid licensee, and participating member of the Entertainment Software Rating Board's Privacy Certified Program (“ESRB Privacy Certified”). All Services where this Policy is posted and which display an ESRB certification seal have been reviewed and certified by ESRB Privacy Certified to meet established online information collection, use and disclosure practices. As a licensee of this privacy program, we are subject to audits of our Services and other enforcement and accountability mechanisms administered independently by the ESRB.

Individual rights. Please see Section 12. User Rights and Choices below for a description of the choices we provide and the rights you have regarding your personal information. If you are a California resident, please be sure to review Section 15.a.  Additional information for California Residents below for important information about the categories of personal information we collect and disclose and your rights under California privacy laws.  If you are in the European Economic Area, please see Section 15.b. Users in the European Economic Area for more information about your rights under the EU General Data Protection Regulation (GDPR).


Scope of Our Policy
Personal Information We Collect
Purposes of Use and Legal Bases for Processing of Personal Information
Disclosure and Sharing of Personal Information
Cookies, Analytics and Personalization
Interest-based Advertising
Third Party Links and Features
User Generated Content
Security of Your Information
Data Retention
International Transfers of Data
User Rights and Choices
Contact Details
Changes to this Policy
Additional Information for Users in Certain Jurisdictions

1. Scope of Our Policy

This Policy applies to the personal information that ZeniMax collects and processes about Users related to our Services, including games published by Bethesda Softworks and ZeniMax Online Studios, and games developed by other ZeniMax studios; more information about our studios is available at www.zenimax.com/studios. This Policy does not apply to any third party websites, services, products or mobile applications maintained by other companies, which are linked to from our Services.


By registering for an account with us, providing your information to us through the Services, or otherwise using any of our Services, you understand and acknowledge that ZeniMax may process your personal information in accordance with this Policy. If you do not want this Policy to apply to you, please do not use the Services or communicate with us via the Services. If required by applicable law, we will obtain your consent to our collection, use, transfer and disclosure of your personal information.


Personal Information. In this Policy, our use of the term “personal information” includes other similar terms under applicable privacy laws—such as “personal data” and “personally identifiable information.” In general, personal information includes any information that identifies, relates to, describes, or is reasonably capable of being associated, or reasonably linked or linkable with a particular individual.


Not Covered by this Policy. This Policy does not apply to job applicants and candidates who apply for employment with us, or to employees and non-employee workers in the context of our working relationship with them.


2. Personal Information We Collect

The information we collect about Users varies depending upon the circumstances and the Services used.

ZeniMax collects personal information directly from Users, automatically related to the use of the Services, and in some cases, from third parties (such as social networks, platform providers, payment processors, and operators of certain third party services that we use).


Information We Collect From You. Generally, we collect your personal information on a voluntary basis. However, if you decline to provide certain personal information that is marked mandatory, you may not be able to access certain Services or we may be unable to fully respond to your inquiry. We collect the following personal information from you:






Information We Collect and Receive From Third Parties. We may collect and receive personal information about you from third parties, such as:





Information We Collect About Your Usage and Activities. We collect personal information about how you use the Services and interact with us and others, such as information we collect automatically (e.g., using cookies and pixel tags), as well as information we derive about you and your use of the Services. Such information includes:





Children. ZeniMax does not knowingly request or collect personal information from children younger than 13 years of age. If you believe that we have collected personal information from a child under 13, please contact us as set forth in Section 13. Contact Details, below, and we will take action as necessary to securely delete such information.


3. Purposes of Use and Legal Bases for Processing of Personal Information

While the purposes for which we may process personal information will vary depending upon the circumstances, in general we use personal information for the purposes set forth in this section. In this section, we also explain the legal bases for which we process personal information about Users, as required by the EU General Data Protection Regulation (the “GDPR”).


Legal Bases for Processing. Pursuant to the GDPR (and other relevant laws), in general, we process your personal information for the following legal bases:



Purposes of Use and Processing. While the purposes for which we may process personal information will vary depending upon the circumstances, in general we use personal information for the purposes set forth below. Where GDPR or other similar laws apply, we have set forth the legal bases for such processing (see above for further explanation of our legal bases) in parenthesis.



4. Disclosure and Sharing of Personal Information

ZeniMax may disclose your personal information as follows, and we will obtain your consent to do so where required by applicable law:


Service Providers and Processors. We may engage vendors, agents, service providers, and affiliated entities to provide services to us or to Users on our behalf, such as support for the internal operations of our websites, online stores (including payment processors), products (such as our games) and services (e.g., forum operations, and technical support processing), as well as related offline product support services, data storage and other services. In providing their services, they may access, receive, maintain or otherwise process personal information on our behalf. Our contracts with these service providers do not permit use of your personal information for their own marketing and other purposes.


ZeniMax Group Companies. Your personal information may be processed by members of ZeniMax Group companies (see www.zenimax.com/legal_information) for purposes of assisting us to market our Services and games, analytics, research and demographic studies, development, and to help us improve and tailor the Services we provide. If you have consented, we may also share your personal information so that they may contact you about other products and services offered by ZeniMax affiliates as set forth in Section 12. User Rights and Choices below. Our subsidiary or affiliate companies are subject to this Policy when they use your personal information.


Legally Required. We may also disclose your personal information if we believe we are required to do so by law, or that doing so is reasonably necessary to comply with legal processes; when we believe necessary or appropriate to disclose personal information to law enforcement or other governmental or regulatory authorities or the courts (in any relevant jurisdiction worldwide), such as to investigate actual or suspected fraud or violations of law, breaches of security, or breaches of this Policy; to respond to any claims against us; and, to protect the rights, property, or personal safety of ZeniMax, our customers, or the public.


Corporate Transaction. In addition, your personal information may be disclosed as part of any proposed or actual merger, sale, and transfer of ZeniMax assets, acquisition, bankruptcy, or similar event.


With Consent. We may also disclose your personal information to any other affiliated or third parties where you have consented or requested that we do so.


Notwithstanding anything else in this Policy, we may share aggregate or de-identified information with third parties for research, marketing, analytics and other purposes, provided such information does not identify a particular individual and the individual cannot be re-identified.


5. Cookies, Analytics and Personalization

We and our third-party providers use cookies, clear GIFs/pixel tags, JavaScript, local storage, log files, and other mechanisms to automatically collect and record information about your browsing activities, gaming performance and use of the Services. We may combine this “activity information” with other personal information we collect about you. Generally, we use this activity information to understand how our Services are used, track bugs and errors, provide and improve our Services, establish matchmaking, verify account credentials, allow logins, track sessions, prevent fraud, and protect our Services, as well as for targeted marketing and advertising, to personalize content and for analytics purposes (see Section 12. User Rights and Choices below for information about opting-in out of certain uses of your personal information).


Below, is a summary of these activities. For more detailed information about these mechanisms and how we collect activity information, see our Cookie Policy, which applies to our sites that display or link to this Cookie Policy, available at https://bethesda.net/document/cookie-policy.


Log Files. We collect certain activity information from log files. Log file information is automatically reported by your browser or mobile application to our servers when you access our Services. We record certain information from these log files, including web requests, IP address, browser type and version, language information, referring and exiting URLs, links clicked, pages viewed and other similar information.


Cookies. Are small files with a unique identifier that are transferred to your browser through our websites. They allow us to remember Users who are logged in, to understand how Users navigate through and use our Services, and to display personalized content and targeted ads (including on third party sites and applications).


Clear GIFs, pixel tags and web beacons. These are tiny graphics with a unique identifier, similar in function to cookies that we use to track the online movements of Users of our Services and to personalize content. We also use these in our emails to let us know when they have been opened or forwarded, so we can gauge the effectiveness of our communications.


Anti-Cheat and Fraud Prevention Technologies. We use “anti-cheating” and fraud prevention tools or applications, which may collect information about your browser, device and activities within the Services, to detect and prevent fraud and cheating.


Analytics Tools. We may use internal and third-party analytics tools (see our Cookie Policy at https://bethesda.net/document/cookie-policy for a list of third parties) to collect and aggregate activity data and other data across multiple channels.


Do-Not-Track signals. Please note that our Websites do not recognize or respond to any signal which your browser might transmit through the so-called 'Do Not Track' feature your browser might have. If you wish to disable cookies on our Services, you should not rely on any 'Do Not Track' feature your browser might have.


6.Interest-based Advertising

We work with third party ad networks, channel partners, measurement services and others (“third party ad companies”) to display advertising within our Services, including third-party advertising, and to manage our advertising on third party sites, mobile apps and online services. We and these third party ad companies may use cookies, pixels tags, and other tools to collect activity information on our Services (as well as on third party sites and services), as well as IP address, device ID, cookie and advertising IDs, and other identifiers, general location information; we and these third party ad companies use this information to provide you more relevant ads and content within our Services and on third party sites and apps, and to evaluate the success of such ads and content. See our Cookie Policy ( https://bethesda.net/document/cookie-policy) for more details about the third party ad companies we work with and first and third party tags used on the Services and on third party sites and apps.


Ad Choices. You may control how participating third party ad companies use the information that they collect about your visits to our websites and use of our mobile applications, and those of third parties, in order to display more relevant targeted advertising to you; for more information and to opt-out of receiving targeted ads from participating third-party ad networks go to:





Opting out of participating ad networks does not opt you out of being served advertising. You may continue to receive generic or “contextual” ads on our Services. You may also continue to receive targeted ads on other websites, from companies that do not participate in the above programs.


Custom Lists and Matching. Unless you have opted out, we may share certain hashed customer list information (such as your name, email address and other contact information ) with third parties—such as Facebook and Google—so that we can better target ads and content to our Users, and others with similar interests, within their services. These third parties use the personal information we provide to help us target ads and to enforce their terms, but we do not permit them to use or share the data we submit with other third-party advertisers. You may opt out of this as set forth below, in Section 12. User Rights and Choices.


7. Third Party Links and Features

Our Services may contain links to third party sites that are not owned or controlled by ZeniMax. We are not responsible for the collection and use of your information by these third-party sites. We recommend that you read the privacy notice of the website to which you link before you submit any personal information.


In addition, our Services may include or incorporate social media and other third-party features (e.g., widgets, buttons, and plugins), which are operated by third party platforms and networks such Facebook, Steam, Twitch, Twitter, Instagram, YouTube, and others. These features are hosted by the respective third-party operator even though they appear on our Services, and subject to your cookie preferences or when using third-party features the third party may collect your IP address, URL, date and time stamp, browser details and the like, subject to their own privacy policies.


8. User Generated Content

You may choose to disclose information (including personal information) about yourself in the course of contributing user generated content to ZeniMax Services such as forums. Information that you disclose in any of these forums is unencrypted public information, and may be accessed by members of the public, who are not subject to this Policy. In addition, when you enter certain public areas of our Services, your username and other public profile information may be viewable by others. You should have no expectation of privacy as to any information you post or display in our forums or games, or in your profile, or that you otherwise make available on our or through our Services.


9. Security of Your Information

The security of your personal information is important to us. ZeniMax takes steps to protect against possible breaches of our Services and the personal information we maintain. However, no website or Internet transmission is completely secure. Thus, ZeniMax cannot and does not guarantee that unauthorized access, hacking, data loss, or other breaches will never occur. We urge you to take steps to keep your personal information safe, such as choosing a strong password and keeping it private, enabling multifactor authentication (where available), as well as logging out of your User account, and closing your web browser when finished using the Services.


10. Data Retention

We will retain your personal information as long as necessary for purposes for which the personal information was collected and is used by us, as stated in this Policy. If you wish to cancel your account or request that we no longer use your personal information to provide the Services to you please contact us as set forth below, in Section 13. Contact Details. However, if you withdraw consent or otherwise object to our collection, use and disclosure of your personal information, you may not be able to use the Services. Further, to the extent permitted by applicable law, we will retain and use your personal information as necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements.


11. International Transfers of Data

ZeniMax is headquartered in the United States, and has operations, entities and service providers in the United States and throughout the world. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions (including the United States and other jurisdictions where we, our affiliates and service providers have operations) that do not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through appropriate written data processing terms and/or data transfer agreements.


Users in the European Economic Area (EEA): Your personal information may be transferred to and processed in the United States and other jurisdictions that do not provide equivalent levels of data protection according to the European Commission. In such cases, ZeniMax will take steps to ensure that appropriate safeguards are in place to protect your personal information, including by putting in place standard contractual clauses as approved by the European Commission (the form for the standard contractual clauses can be found at http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm).


12. User Rights and Choices

ZeniMax gives Users several easy-to-use ways to access, amend and exercise their choices and rights regarding their personal information.


Marketing Preferences. You may change your email preferences and opt out of marketing communications through the Marketing Preferences tab in your account profile.



Push Notifications. In some of our mobile Services, we may send push notifications from time-to-time in order to update you about the game, events or promotions that we may be running. If you no longer wish to receive these types of communications, you may turn them off at the device level.


Remove Content. If you wish to request removal of any User content you have posted, please contact us as set forth below, in Section 13. Contact Details.


Access, Amendment and Deletion. Registered Users may review and update their profile information and communications preferences directly within their account. If you would like us to delete your personal information, you may contact us to delete your account. Please contact ZeniMax Privacy as set forth below, in Section 13. Contact Details, to exercise your rights or make a request regarding your personal information.


Submitting a Privacy Request. Privacy requests should be directed to the ZeniMax Media Inc.’s privacy team as set forth below in Section 13. Contact Details. Please keep in mind that certain Services will not be available if you withdraw your consent, or otherwise delete or object to our processing of certain personal information. We will respond to your request in accordance with applicable law, and we will inform you if we do not intend to comply with your request.


California residents have certain rights, under California privacy laws, regarding their personal information, which are set forth below, in Section 15. “Additional Information for California Residents”.


Individuals in the EEA have certain rights, under the GDPR, regarding their personal information, which are set forth below, in Section 15. “Additional Information for Users in the EEA” .


13. Contact Details

The controller for your personal information is ZeniMax Media Inc.,1370 Piccard Drive, Rockville, MD 20850 USA. In addition, for purchases made by Users in the EEA, ZeniMax Europe Ltd., Reg. No. 06333300, Haymarket House, 29-29 Haymarket, London SW1Y 4SP, is also a controller for your transaction data. This Policy applies to both ZeniMax Media Inc. and ZeniMax Europe Ltd., and data subjects may exercise their rights with respect to their EEA transaction data with both entities by contacting ZeniMax Media Inc. as set forth below.


If you have any questions, complaints or comments regarding our Policy or practices, please submit a request at:


https://help.bethesda.net/app/incident10/?prod=711&cat=1220 (Bethesda Users), or

https://help.elderscrollsonline.com/app/incident/?category=1220 (The Elder Scrolls Online Users).


You may also contact us via email or mail:


privacy@support.zenimax.com


ZeniMax Media Inc.
1370 Piccard Drive
Rockville, Maryland 20850 USA

Attn: ZeniMax Customer Service/Privacy


ZeniMax Media Inc. has appointed its subsidiary ZeniMax Europe Limited: Haymarket House, 28-29 Haymarket, London SW1Y 4SP, United Kingdom as its representative office for purposes of the GDPR.


As previously mentioned, we are a member of ESRB’s Privacy Certified Program. If you believe that we have not responded to your inquiry or your inquiry has not been satisfactorily addressed, please contact ESRB Privacy Certified at https://www.esrb.org/privacy/contact/ or:


ESRB

Attn: VP, Privacy Certified Program

420 Lexington Avenue, Suite 2240

New York, NY 10170 USA


privacy@esrb.org


14. Changes to this Policy

This Policy is current as of the Last Updated set forth above. We may change this Policy from time to time, so please be sure to check back periodically. We will post any changes to this Policy on our Services. If we make any changes to this Policy that materially affect our practices with regard to the personal information we have previously collected from you, we will endeavor to provide you with notice in advance of such change, such as by highlighting the change on website or sending you an email, and giving you additional choices regarding such change prior to the material change becoming effective.


15. Additional Information for Users in Certain Jurisdictions


a. Additional Information for California Residents.


Below, we provide information, as required under California privacy laws, including the California Consumer Privacy Act (“CCPA”), which requires that we provide California residents certain specific information about how we handle their personal information, whether collected online or offline. This section does not address or apply to our handling of publicly available information made lawfully available by state or federal governments or other personal information that is subject to an exemption under Section 1798.145(c) – (f) of the CCPA.


Categories of Personal Information We Collect and Disclose. Our collection, use and disclosure of personal information about a California resident will vary depending upon the circumstances and nature of our interactions or relationship with such resident. The table below sets out generally the categories of personal information (as defined by the CCPA) about California residents that we collect, sell, and disclose to others for a business purpose. We collect these categories of personal information from the sources described above, in Section 2. Personal Information We Collect, and for the purposes described above, in Section 3. Purposes of Use Purposes of Use and Legal Bases for Processing of Personal Information.


Categories of personal information

Do we collect?

Do we disclose for business purposes?

Name, Contact Info and other Identifiers: identifiers such as a real name, alias, address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers.  

Yes

Yes

Customer Records: paper and electronic customer records containing personal information, such as name, signature, physical characteristics or description, address, telephone number, education, current employment, employment history, social security number, passport number, driver’s license or state identification card number, insurance policy number, bank account number, credit card number, debit card number, or any other financial or payment information, medical information, or health insurance information.

Yes

Yes

Purchase History and Tendencies: commercial information including records of personal property, products or services purchased, obtained, or considered, or other purchasing or use histories or tendencies.

Yes

Yes

Usage Data: internet or other electronic network activity information, including, but not limited to, browsing history, clickstream data, search history, and information regarding a resident’s interaction with an internet website, application, or advertisement, including access logs and other activity information related to your use of any company websites, applications or other online services.

Yes

Yes

Geolocation Data: precise geographic location information about a particular individual or device.

Yes

Yes

Audio, Video and other Electronic Data: audio, electronic, visual, thermal, olfactory, or similar information such as, CCTV footage, photographs, and call recordings and other audio recording (e.g., recorded meetings and webinars).

Yes

Yes

Profiles and Inferences: inferences drawn from any of the information identified above to create a profile reflecting a resident’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Yes

Yes


Categories of Personal Information Sold. The CCPA defines a “sale” as disclosing or making available to a third party personal information in exchange for monetary or other valuable consideration. While we do not disclose personal information to third parties in exchange for monetary compensation from such third parties, we do disclose or make available personal information to third parties, in order to receive certain services or benefits from them. For example, we may allow third party tags to collect information such as browsing history through our Sites and Apps in order to better reach Users with relevant ads and to improve and measure our ad campaigns, or to display third party ads in our Services. Pursuant to the CCPA, the categories of Personal Information that we may “sell” as defined under the CCPA includes:



California Residents’ Rights. California law grants California residents certain rights and imposes restrictions on particular business practices as set forth below.


Do-Not-Sell. California residents have the right to opt-out of our sale of their personal information. Opt-out rights can be exercised by going to https://bethesda.net/document/cookie-preferences. We do not sell personal information about residents who we know are younger than 16 years old.


Initial Notice. We are required to notify California residents, at or before the point of collection of their personal information, the categories of personal information collected and the purposes for which such information is used. We will make this Privacy Policy available to Users online, in order to satisfy this requirement.


Requests to Delete. Subject to certain exceptions, California residents have the right to, at no charge, request deletion of their personal information that we have collected about them and to have such personal information deleted, except where an exemption applies.


Request to Know. California residents have the right to request and, subject to certain exemptions, receive a copy of the specific pieces of personal information that we have collected about them in the prior 12 months and to have this delivered, free of charge, either (a) by mail or (b) electronically in a portable and, to the extent technically feasible, readily useable format that allows the individual to transmit this information to another entity without hindrance. California residents also have the right to request that we provide them certain information about how we have handled their personal information in the prior 12 months, including the:



California residents may make a Request to Know up to twice every 12 months.


Submitting Requests to Know and Delete. Requests to Know and Requests to Delete may be submitted:



We will respond to verifiable requests received from California residents as required by law.


Right to Non-Discrimination. The CCPA prohibits discrimination against California residents for exercising their rights under the CCPA. Discrimination may exist where a business denies or provides a different level or quality of goods or services, or charges (or suggests that it will charge) different prices, rates, or penalties on residents who exercise their CCPA rights, unless doing so is reasonably related to the value provided to the business by the residents’ data.


Financial Incentives. A business may offer financial incentives for the collection, sale or deletion of California residents’ personal information, provided it is not unjust, unreasonable, coercive or usurious, and is made available in compliance with applicable transparency, informed consent, and opt-out requirements. California residents have the right to be notified of any financial incentives offers and their material terms, the right to opt-out of such incentives at any time, and may not be included in such incentives without their prior informed opt-in consent; we do not offer any such incentives at this time.


You Rights Under California’s Shine-the-Light Law. We do not share personal information collected online with unaffiliated third parties for their own direct marketing purposes and will not do so unless you agree to such disclosure. If you are a California resident and you still believe your information has been shared or you have general questions about how your information may have been shared, you may contact us by requesting a list of the third parties to which we have disclosed personally identifiable information about you for their own direct marketing purposes. You may make one request per year. In your request, please attest to the fact that you are a California resident and provide a current California address for your response. You may request this information in writing by contacting us via the contact details set out in Section 13. Contact Details above.


For more information about our privacy practices, you may contact us as set forth above, in Section 13. Contact Details.


b. Additional Information for Users in the EEA

Below, we inform about other rights, including GDPR and similar applicable laws, that may apply to you. Subject to the conditions set out in the applicable law, Users in in the European Union/European Economic Area (and in other jurisdictions where similar rights apply) have the following rights regards our processing of their personal information:







  • Right to object to marketing. You can ask us to stop processing your personal information to the extent we do so on the basis of our legitimate interests for marketing purposes. If you do so, we will stop such processing for our marketing purposes.

  • Right to object. Where our processing is on the basis of our legitimate interests (other than marketing purposes), we must stop such processing unless we have compelling legitimate grounds that override your interest or where we need to process it for the establishment, exercise or defense of legal claims. Where we are relying on our legitimate interests (other than marketing), we believe that we have a compelling interest in such processing, but we will individually review each request and related circumstances.




Please note that some of these rights may be limited, such as where we have an overriding interest or legal obligation to continue to process the data. Please contact us using the information set out above, in Section 13. Contact Details, if you wish to exercise any of your rights or if you have any enquiries or complaints regarding the processing of your personal information by us.