Effective as of: 24 May 2022
You should also review any specific terms and policies applicable to a given Business and Developer Service (collectively, the “Terms”), which are fully incorporated herein by reference.
1. Who decides how your information is used
Niantic, Inc. is the data controller generally responsible for making decisions about how we use your personal information . If however you are based in the European Economic Area (EEA), in the United Kingdom (UK), or in Russia, your data controller is Niantic International Limited in the UK.
2. The information we collect about you and how we use it
We need to collect and use certain Personal Data to provide the Business and Developer Services to you and fulfil the promises we make to you in the Terms:
- When you sign up or apply for the Business and Developer Services (your “Account”), you give us Personal Data voluntarily by providing it to us. We collect and use that information in order to authenticate you when you register for an Account and use the Business and Developer Services, to make sure you are eligible and able to receive the Business and Developer Services, and so that you receive the correct version of the Business and Developer Services. This may include: information about you (your name, email address, and phone number) and your business (business name, business address, physical location, phone number, industry, and / or a copy of your local business license, and / or other information relevant to verifying your business as applicable), as well as internal account IDs that we may assign to your account.
- If you choose to link your Google account to the Business and Developer Services, we will collect your Google email address and an authentication token provided by Google.
- If you choose to link your Facebook account to the Business and Developer Services, we will collect a unique user ID provided by Facebook and your Facebook registered email address.
- Some external providers may notify you that they make additional information, such as your public profile, available to us when you use their single sign-on services. We do not collect that information from them.
- If you upload data using the “Private Scan” user flow in the Niantic Wayfarer Application, we will collect Personal Data to enable you to test certain AR features offered as part of the Business and Developer Services (subject always to the Lightship Developer Platform Terms of Service). This includes geospatial information, 3D imagery and related data. You can access and delete your “Private Scans” at any time through the Lightship Website.
In addition, we have and rely on a legitimate interest in using your Personal Data as follows:
- Using your IP address, browser type, operating system, the web page you were visiting before accessing our Business and Developer Services, the pages of our Business and Developer Services which you browsed or the features you used, and the time spent on those pages or features, the links on our Business and Developer Services that you click on, and device and advertising identifiers, to understand who is using our Business and Developer Services and how.
- Using your contact information, such as your email address, in order to communicate with you to provide technical and customer support;
- To request feedback and to otherwise contact you about your Account or your use of the Business and Developer Services;
- To personalize and improve the features that we offer you through our Business and Developer Services, or to provide you with new or additional services.
- To notify you about important changes to the Business and Developer Services;
- To carry out anti-fraud measures and to ensure that you and other users are complying with our Terms; and
- To make legal or regulatory disclosures, and to establish, exercise, or defend legal claims.
While you may disable the usage of cookies through your browser settings, Niantic currently does not respond to a “Do Not Track” signal in the HTTP header from your browser or mobile application due to the lack of industry standard on how to interpret that signal.
3. Who we share information with
We will not share any Personal Data that we have collected from or regarding you except as described below:
- run, operate and maintain the Business and Developer Services;
- perform analytics, including content moderation and crash analytics;
- provide technical and customer support; and
- process payments for the Business and Developer Services or other purchases.
- Information Disclosed for Our Protection and the Protection of Others. We cooperate with government and law enforcement officials or private parties to enforce and comply with the law. We only share information about you to government or law enforcement officials or private parties when we reasonably believe necessary or appropriate: (a) to respond to claims, legal process (including subpoenas and warrants); (b) to protect our property, rights, and safety and the property, rights, and safety of a third party or the public in general; and (c) to investigate and stop any activity that we consider illegal, unethical, or legally actionable.
- Information Disclosed in Connection with Business Transactions. We may share Personal Data and other data with businesses controlling, controlled by, or under common control with Niantic. If we are acquired by a third party as a result of a transaction such as a merger, acquisition, or asset sale or if our assets are acquired by a third party in the event we go out of business or enter bankruptcy, some or all of our assets, including your Personal Data, will be disclosed or transferred to a third party acquirer in connection with the transaction.
4. How your Personal Data is transferred
If we transfer your Personal Data from the EEA to other countries, including the USA, we ensure that a similar degree of protection is provided to your Personal Data as within the EEA by ensuring that at least one of the following safeguards is implemented:
- The country that your Personal Data is transferred to is a country that the European Commission has deemed to provide an adequate level of protection for Personal Data as the EEA.
- We use specific contracts approved by the European Commission which give Personal Data the same protection as it has in Europe when we engage with service providers.
5. How long we keep your Personal Data
6. How we keep your Personal Data safe
We have appropriate security measures in place to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, improperly altered or disclosed. We also limit access to your Personal Data to employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. Your rights and choices
You have certain rights in relation to your Personal Data. In order to exercise these rights, please contact us at: firstname.lastname@example.org.
- Request access to the Personal Data we hold on you.
- Delete or correct your Personal Data.
- Object to us processing your Personal Data or ask us to stop using your Personal Data. Some of the Personal Data we hold is necessary for us to provide the Business and Developer Services to you and fulfill the promises we make to you in the Terms.
- Complain to a regulator. We’d appreciate the chance to deal with your concerns directly so we’d prefer you to contact us first. However, if you’re based in the UK or the EEA and believe that we have not complied with data protection laws, you can complain to your local data protection authority.
- If you’re based in the EEA, you can also contact our EU Representative, EDPO. EDPO can be contacted:
- by using EDPO’s online request form: https://edpo.com/gdpr-data-request/
- by writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium
The law provides exceptions to these rights in certain circumstances. Where you cannot exercise one of these rights due to such an exception, we will explain to you why.
We offer you choices regarding the collection, use, and sharing of your Personal Data and we’ll respect the choices you make. Please note that if you decide not to provide us with the Personal Data that we request, you may not be able to access all of the features of the Business and Developer Services.
We aim to provide the information or complete the outcome you request within 30 days.
Our Business and Developer Services are not intended for—and we don’t direct them to—children under the age of 18 (or the age of majority in your country of residence, if different). Accordingly, we do not knowingly collect personal information from any minor in connection with the Business and Developer Services. If we learn that we have collected Personal Data of any minor in connection with the Business and Developer Services, we will take steps to delete such information from our files as soon as possible.