Effective Date: December 8, 2022
miHoYo Limited (“miHoYo”, “we”, “our”, or “us”) greatly recognizes and values the privacy of people (“you” or “user”) who visit our websites, use or access our games, whether played on mobile devices, PCs, our websites, or other approved platforms (“miHoYo Game(s)”), and/or otherwise use or access any of our provided services, including but not limited to customer support, marketing and advertising, and community services (collectively “miHoYo Services” or “our services”).
The minimum age to create a user account is 13 (“Account”) in general. Insofar as certain countries or platforms apply a higher age of consent for the collection of personal data, miHoYo requires parental or guardian consent before an Account is created and personal data associated with it is collected.
1. What Data We Collect and Process
Personal data means data that may be used to identify an individual, such as an email address, contact address, postal code, position data, title, occupation, personal interests, and other data that you choose to submit.
(1) Data We Collect (either directly or through a third party)
(ii) Telephone Number or Email Address. We only receive such information, if you voluntarily provide it to us, for linking your account with your telephone number and/or email address, logging in to our services by your email or telephone number, receiving updates to our services, and receiving verification codes by email or SMS for password changing or other purposes in accordance with Article 2(1) and 2(8) with consent. Besides, After taking appropriate technical security measures（such as encryption and hashing）to de-identify your email address, we will use your de-identified email address to measure the performance of our advertising and marketing programs in accordance with Article 2(6) and 2(10).
(iii) User Generated Content: Nickname, chat data (solely in the form of text), and message board data. We use the above information to deliver your messages to other users for social interaction in-game and to facilitate your communication with other users in accordance with Article 2(7) and 2(9) on the legal basis of performing our contract with you to provide our services (“Service Provision”).
(iv) User Service Information: Any information that you provide in communication with our support team, when you seek our technical and/or customer service support, and/or exercise any of your legal rights as the data subject. When receiving your request for support, we use such information to provide relevant support as you request and further improve our services in accordance with Article 2(10) on the legal basis of Service Provision. When receiving your request as the data subject, we use such information to verify the requestor’s identity to ensure that he/she is the person legally entitled to make the data access request or other request in accordance with Article 2(9) on the legal basis that it is necessary to perform our legitimate obligations as the data controller (“Obligation Performance”).
(v) Survey Information: The content of your survey responses. If you agree to participate in such surveys, we use such information to improve our services in accordance with Article 2(8) with consent.
(vi) Sweepstakes Participation Information: Name, email address, phone number, shipping address, UID, nickname, and country/region. If you agree to participate in such sweepstakes and win any prizes, we use your UID, address, and other information as necessary to provide digital prizes and/or ship physical prizes; and announce your UID and/or nickname in a partially-redacted format in accordance with Article 2(4) with consent. For users who have not won any prizes, we will not announce or display the above information in any form. For users who have won any prizes, we will store the above information in encrypted form and will not use such information beyond the purpose of such collection and process as provided in this clause.
(vii) E-sports Event Related Information: If you are applying for an event organized by us, please provide us with your name, country/region of residence, email address, phone number, and UID, which will be used by us to create your team. If you win any physical prizes in the above event, please provide us with your name, phone number, shipping address, and country/region of residence, which will be used by us to ship your prize. If you are qualified to attend the above event in person, please provide us with your resident ID and passport, which will be used by us to verify that you are located in the country/region provided by your application and make arrangements in accordance with Article 2(4) with consent. We will store the above information with encryption and will not use the above information for any purposes other than the purposes described above in this clause.
(viii) Internet Protocol (“IP”) Address. We use this information to allow you to connect to our servers in accordance with Article 2(1) on the legal basis of Service Provision.
(ix) Connected Social Media Account Information (Third-Party): Your social media account information (if you choose to log in to our services via your social media account(s) with the corresponding network(s)). In the case of Facebook, this refers to the email address and public profile of your Facebook account; in the case of HoYoverse Account, this refers to the account ID, the email address (if any) and the phone number (if any) of your HoYoverse Account; we use such information to create your account for using our services in accordance with your request, and to ensure that you may share in-game photos on the corresponding network(s) in accordance with Article 2(9) on the legal basis of Service Provision.
(x) Bugs, Errors, and Other Data About Crashes and Diagnosis Thereof (if the occasional system crash occurs in our services). Device information (name, model, memory size, and graphics card model), and in-game information (game version, user's UID, and exception stack); we use such information to conduct identity verification for security purposes, to identify and address bugs, and to evaluate and improve the functionality of our services in accordance with Article 2(3) and 2(4) on the legal basis that it is in our legitimate interest to ensure the security of our services, and to improve our services.
(xi) Advertising Information: Device ID, namely, advertising ID, IDFA (identifier for advertising, excluding the circumstance where you don’t allow the App to track), and IDFV (identifier for vendor). If you click on a link that advertises our services, we store such information with your profile to measure the performance of our advertising and marketing programs in accordance with Article 2(6) and 2(10) on the legal basis of our legitimate interests.
In order to better provide you with a complete gaming experience, we may merge and update our collected personal data with data from third-party contractors in order to update your data, perform market analysis, and/or otherwise improve our services.
(2) Data We Collect Only for System Functions
(i) Generated Open ID. We generate and use this information to store your game data (including level and progress) with your profile, and to allow you to connect to our servers in accordance with Article 2(1) on the legal basis of Service Provision.
(ii) IP Address. We use this information to allow you to connect to our servers in accordance with Article 2(1) on the legal basis of Service Provision.
(iii) Game Data. We use this information to provide you with feedback and information about your gameplay and progress in accordance with Article 2(4) and 2(9) on the legal basis of Service Provision.
(iv) Device-Related Information: Device ID, device information (name, device type, MAC address, IMEI, CPU, graphics card model, OS version and language, time zone, screen DPI, device resolution), registration time and login time. We use such information to improve our services including the functionality thereof in accordance with Article 2(9) and 2(10) on the legal basis that it is in our legitimate interest to ensure service security, manage registrations, and improve our services.
(v) Security-Related Information: For the Android version: application information (APK name, version, run-up time, progress name), user account, device information (model, OS version, brand, CPU structure, root status, unique identifier of ROM, screen resolution, system run-up time, whether an emulator is being used, installed APK information, MAC address, network type, names of running applications, list of file names in the cache directory of the SD card application, and Wi-Fi name); for the PC version: application information, memory, executable module, system driver module, new thread, new load module, proxy, network, CPU, disk, graphics card, account information, device name, specific file types for specific directory, names of process windows, and suspicious process module name signature; for the iOS version: application information (module and signature), device information (model, system kernel version, root status of device); in accordance with Article 2(9) on the legal basis that it is in our legitimate interest to ensure the security of our services.
You know and understand that since there are multiple versions of the game, the above information is collected for the purpose of adapting, developing, and updating for devices of different versions.
(vi) Malicious Content Information: Nickname, chat data (solely in the form of text), and message board data. In order to ensure a harmonious and healthy online environment in the game, we collect the above information to avoid some words that may offend or distress others (which breaches the Terms of Service, e.g. pornographic content) via your signature, nickname, or chat data within our services in accordance with Article 2(9) on the legal basis that it is in our legitimate interest to ensure security and a harmonious online environment within our services.
2. Why We Collect and Process Your Personal Data
In order to provide services, perform the Terms of Service, and/or any other agreements between you and miHoYo, and/or perform the legal liabilities under the applicable laws, we collect and process your personal data to:
(1) allow you to access or restrict your access to our services;
(2) analyze and manage our services for system administration, user service, security, fraud-detection, checking the authenticity of an account owner, archival and/or backup purposes;
(3) correct bugs or errors, improve our services and respond to customer desires and preferences, including language and location customization, personalized support and instructions, and other responses;
(4) develop new services or products which user(s) request and improve the user experience;
(5) verify and confirm payment;
(6) deliver advertising that may be relevant to your interests (you can choose to turn this feature on or off in the device settings as stated hereunder);
(7) communicate with other users and take action against violations;
(8) personalize your experience, keep you up to date with the latest product announcements, provide software verification, upgrades and administration, notify special events, offer to participate in our surveys or activities, and provide other information pertaining to our services;
(9) protect the integrity, safety, and security of our services, comply with legal obligations, and enforce compliance with the Terms of Service or other restrictions placed on your use of our services; and/or
(10) track your process across our websites and applications to verify that you are not a bot and to optimize our services.
In all of the above cases and purposes, you acknowledge and confirm that we may analyze, profile, segment, merge, and/or update all collected data (regardless of whether in an aggregated or individualized manner) for the purposes of improving service quality and providing a better experience.
Under any circumstance where our collection or processing of your personal data is based on your consent, you may withdraw such consent at any time with no impact on the validity and lawfulness of collection or processing based on the consent made before its withdrawal.
3. Advertisements and Your Choices
For the purpose of providing personalized advertisements, you acknowledge and agree that based on your consent we may collect and process the data to:
(1) deliver, target, and improve our advertising; and/or
(2) improve other marketing and promotional activities.
We may also deliver advertisements, market research, or surveys by ourselves or our authorized contractors, using the data you provide. If you do not wish to receive any marketing or advertising information from us or our contractors, please do not provide your personal data.
Pertaining to marketing or promotional communications, you may opt-out of receiving such communications in accordance with the instructions therein, such as SMS, email, online communication channels, or other contact methods provided by us. For example, you may opt-out of the out-of-game push notifications on mobile applications by checking the relevant settings and turning off “allow notifications” (iOS/Android).
Without your consent, we ensure that we will not use your data for marketing purposes, and after granting permission, you may also withdraw such consent at any time without impact on the validity and lawfulness of data usage prior to such withdrawal. For the avoidance of doubt, if we have knowledge that you are a registered user under the age of 13 (or 14 –16 if applicable), we will not target you with advertising.
4. Cookies or Similar Technology
We use the cookies, web beacons, and similar technology to personalize your experience with our services and for various other purposes, including:
(1) remembering you: cookies, web beacons and similar technology help us identify you as a registered user and keep the preferences or data that you have previously provided;
(2) analyzing how you use our services: cookies, web beacons and similar technology help us understand what visitors (including users) are doing with our services, or what pages or sections are most popular;
(3) delivering advertising: cookies, web beacons, and similar technology help us provide you with advertising that we believe is relevant to you or of interest to you on the basis of your provided data; and/or
(4) other related functions or purposes mentioned in Article 2 herein.
5. Who May Access Your Personal Data
In addition to miHoYo and/or its affiliates, other parties may also access your personal data in the following situations. You acknowledge that you have foreseen and agreed to the occurrence of such disclosure when you provide your personal data.
(1) Other In-Game Users of Our Services
Other users may take part in the in-game activities in which you participate in, access your displayed data, and read the messages you have posted on or through our services. You acknowledge and agree that our services may also include message boards, communities, forums, and/or other chat areas, where users may exchange ideas or communicate with other users, and that any data you post to any communication area is publicly viewable. We strongly recommend that all users avoid posting personal or sensitive data at any time on or through our services.
(2) Competent Authorities
We may provide a certain portion of your personal data to judicial or administrative authorities as so requested. Besides, we may disclose certain portion of your personal data within a strictly limited scope of recipients when we reasonably think it is necessary to protect us, our users, or a portion of the public.
(3) Third-Party Contractors
miHoYo works with a number of third parties (if any) on or through our services to help us provide services and functionalities to you. We do not sell your personal data and only share data that is non-personally identifiable on its own, aggregated, or public with third-parties under the following necessary circumstances, and such third-parties thereof are prevented from processing (including but not limited to accessing, storing, using, or disclosing) your personal data except for achieving the purpose of their cooperation with us:
(i) Social networking portals who provide login and/or content-sharing services to and in our services;
(ii) Logistics service providers who provide shipping services such as delivering physical prizes to users;
(iii) Information communication service providers who provide SMS-messaging services;
(iv) Payment service providers who provide payment services, such as assisting our services to run on, facilitating users’ payments, and maintaining a record of the users’ transaction history;
(v) Advertising service contractors who provide marketing and advertising activities, including conducting programs, tracking success, and analyzing effects thereof; and
(vi) Other contractors (if any) for the purpose of providing our services to you.
6. Data Retention
We will keep your data only for as long as your account is active or only for as needed to provide you miHoYo game services unless deleted in accordance with your request or as otherwise required by law. The locations of servers for the game services include:
In case you request to remove or delete your personal data, we will retain your data as long as necessary for our legitimate business interests, such as to comply with our legal obligations, resolve disputes, and/or enforce the agreements between you and us. Please note that the removal or deletion of any of your data may result in the termination of some of our applicable services.
We will only store your information as long as necessary to fulfil the purposes for which the information is collected and processed or where the applicable laws provide for longer storage and retention period. Upon expiration of such period, your personal data will be deleted, blocked, or anonymized, in accordance with the applicable laws.
7. Your Rights
If you request in writing, we will provide you a copy of your personal data in an electronic format after passing our verification process. You also have the right to correct or modify your data, have your data deleted, object to how we use or share your data, restrict how we use or share your data, and make any other request as provided herein or regulated by the applicable regulations of the relevant authorities (including but not limited to the GDPR and the CCPA) through sending an email to the email address of our DPO (short for “Data Protection Officer”) as agreed in Article 10. Upon receiving your request via email, we will promptly conduct a verification process including but not limited to instructing you to provide information to confirm that you are the user from whom we have collected information, subject to the specific instructions of our DPO.
(1) Right to Know About Personal Information Collected, Disclosed, or Sold
You have the right to access your personal data, i.e. the right to require free of charge, (i) information whether your personal data is collected, used, disclosed, or sold, (ii) categories of your personal data that have been collected in the preceding 12 months, (iii) categories of sources from which your personal data is collected, (iv) business or commercial purpose for collecting or selling your personal data (if any), (v) disclosure of sale of your personal data (if any): i.e. the categories of your personal data which have been disclosed or sold (if any) to third-parties in the preceding 12 months, the categories of third parties to whom your personal data was disclosed or sold (if any), statement regarding whether we have actual knowledge that we sell your personal data if you are under 16 years of age; and you have the right to require us to provide a duplicate of your personal data undergoing processing, subject to submitting a verifiable request in the form of an email to our DPO’s email address as agreed in Article 10. You can also exercise the right to access your personal data through Account Management on our websites. According to our reasonable and unilateral judgement, if your verifiable request affects or will affect the rights or freedom of other users or is manifestly unfounded or excessive, we reserve the right to charge a reasonable fee (taking into account the administrative costs arising therefrom) or refuse to act on the request.
(2) Right to Rectify
If we process your personal data, we shall endeavor to ensure, by implementing suitable measures, that your personal data is accurate and up-to-date for the purposes for which it was collected. If your personal data is inaccurate or incomplete, you have the right to obtain rectification of your inaccurate personal data without undue delay according to Article 16 of the GDPR and you can modify the information you provided via Account Management on our websites.
(3) Right to Request Deletion of Personal Information
You acknowledge and agree that as a result of deleting your Account, you will lose access to miHoYo services, including the Account, subscriptions game-related information linked to such Account, and lose the possibility to access other services through such Account.
(4) Right to Object
(5) Right to Restrict Processing
You have the right to restrict the processing of your personal data under the conditions set out in Article 18 of the GDPR or any other applicable laws in your country/region of residence.
(6) Right to Personal Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller under the conditions set out in Article 20 of the GDPR or any other applicable laws in your country/region of residence. miHoYo makes your personal data available through the privacy dashboard as described above.
(7) Right to Opt-Out of the Sale of Personal Information (if applicable)
You have the right to opt-out of the sale of your personal data (if any) and require us to make a statement regarding whether or not we sell your personal data and provide an opt-out mechanism or link to it except as otherwise stipulated in the CCPA.
(8) Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights
You have the right not to receive discriminatory treatment by us for the privacy rights conferred by the CCPA, namely that we shall not offer financial incentive or a price or service difference due to your exercise of any of your rights under the CCPA unless such difference is reasonably related to the value of your personal data. Notwithstanding the foregoing, we have the right to deny your request to know, request to delete, or request to opt-out for reasons permitted by the CCPA or those regulations thereof, and such denial shall not be considered discriminatory.
(9) Right to Authorize an Agent to Make a Request on Your Behalf
You have the right to authorize an agent on your behalf to make a request to know, delete, or opt-out under the CCPA. When you use an authorized agent to submit any request provided above, we may require you to provide signed permission to authorize your agent to do so for the purpose of verifying your own identity, and the official permission by your agent to submit this request. In the case of failure to provide any of the requested materials, to protect the user’s information and data security, we are entitled to denying such request.
Notwithstanding the foregoing, if the applicable laws in your country/region of residence provide otherwise, such laws shall govern.
8. Securing Your Data
Pertaining to your use of our services, we have endeavored to take reasonable measures to prevent unauthorized access to or improper use of your personal data, such as organizational controls, technical protection, and other protection measures.
Unfortunately, the transmission of information via the internet is not completely secure. While we strive to protect your personal data, we also remind you to be aware of hacking, cyberattacks, and other risks on the Internet. Therefore, we strongly urge you to take every possible precaution to protect your personal data when using our services, including but not limited to changing your passwords from time to time, not reflecting your real name or other personal data in registration, using a combination of letters and numbers when creating passwords, using a secure browser, and/or taking other possible security measures. Please note that for security reasons, we store passwords in encrypted form.
9. Age Limits and Children Protection
You represent that you are an adult in your country/region of residence (or at another age in your jurisdiction where you are classified as a majority) when using miHoYo Services. If you are a minor or under the legal age of majority (“Minor” or “Children”), please do not send any personal data about yourself to us, including your name, address, telephone number, or email address.
Notwithstanding the foregoing, we recognize that we have a special obligation to protect children in regards to the collection and processing of personal data, and we do not and will not knowingly collect personal data from children without consent from their parents or guardians. We strongly urge parents and guardians to instruct their children never to disclose any of their personal data when using our services without the prior permission of their parents or guardians. If we learn that we have collected a child’s personal data, we will delete such data as quickly as possible. Also, if you believe that we might have any data from or about a child, please contact us at our DPO’s email.
10. Contact and Complaints
Last Updated: December 8, 2022