If you have any questions regarding our use of your personal data, please feel free to contact us over the channels provided below.
Who We Are?
ESL Gaming Online, Inc.
Managing Director: Craig Levine
1202 Chestnut Street
Burbank, CA 91506
Our email address for all privacy matters is: [email protected]
Our representative in the EU according to Art. 27 GDPR is:
ESL Gaming GmbH
Managing Directors: Ralf Reichert, Stefan Beitz
Recorded at local court of Cologne (AG Köln) under number HRB 36678
email: [email protected]
Its email address for all privacy matters is: [email protected]
Meaning of Terms
- 'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
- 'processing' means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- 'controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
- 'processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
As a controller we need a legal basis to process your data lawfully, according to Art. 6 para. 1 GDPR. If:
- you have given your consent to the processing of your personal data for one or more specific purposes, this forms a legal basis according to Art. 6 para. 1 let. a) GDPR;
- the processing is necessary for the performance of a contract between you and us or in order to take steps at your request prior to entering into a contract, the legal basis for this is Art. 6 para. 1 let. b) GDPR;
- the processing is necessary for compliance with a legal obligation to which we are subject, the legal basis for this is Art. 6 para. 1 let. c) GDPR;
- the processing is necessary to protect our legitimate interests or legitimate interests of a third party and such legitimate interests are not outweighed by your interests or fundamental rights and freedoms, the legal basis for this is Art. 6 para. 1 let. f) GDPR.
Under the GDPR you have certain rights concerning the processing of personal data by us. According to the GDPR you have the following rights:
- Right of information: You have the right to be provided information regarding the processing of your personal data by us, in accordance with Art. 13 and 14 GDPR.
- Right of access: You have the right to obtain confirmation as to whether or not we are processing your personal data and, if this should be the case, access to the personal data, in accordance with Art. 15 GDPR.
- Right to rectification: You have the right to obtain rectification of inaccurate or incomplete personal data concerning you, in accordance with Art. 16 GDPR.
- Right to erasure ("right to be forgotten"): Under certain circumstances you have the right to obtain the erasure of personal data concerning you, in accordance with Art. 17 GDPR.
- Right to restriction: Under certain circumstances you have the right to obtain the restriction of processing, in accordance with Art. 18 GDPR.
- Right to data portability: Under certain circumstances you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transmit this data to another controller, in accordance with Art. 20 GDPR.
- Right to object: Under certain circumstances you have the right to object to the processing of personal data concerning you, in accordance with Art. 21 GDPR. This includes but is not limited to the right to object in cases in which we process your personal data on the legal basis of Art. 6 para. 1 let. f) GDPR.
- Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the EU of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR, as set out in Art. 77 GDPR.
- Right to withdraw consent: If a processing of your personal data is based on your consent as set out in Art. 6 para. 1 let. a) GDPR or Art. 9 para. 2 let. a) GDPR, you have the right to withdraw your consent at any time, in accordance with Art. 7 para. 3 GDPR. Such withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
- Right to not be subject to a decision based solely on automated processing: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, as set out in Art. 22 para 1 GDPR.
Data of Minors
If you are the legal guardian of a minor who is under the age of 16 we may require that you consent to the processing of the minor’s personal data or authorize that the minor consents him/herself to the data processing. In such a case we process your name and email address together with the personal data of the minor to have proof that we obtained your consent as legal guardian according to the GDPR.
Recipients of the processed personal data are the respective employees and freelancers of ours that are responsible for obtaining the consent. Possible further recipients include the following categories:
Business intelligence providers
Customer support services
Cyber security services
Hosting and Internet Service Providers
We process the data to be able to prove that we have complied with the rules of the GDPR that require the legal guardian to consent to/authorize the processing of personal data of a minor.
The legal basis for processing the data is Art. 6 para. 1 let. c in connection with Art. 8 para. 1 GDPR.
Children under the Age of 13
Our Sites are not directed to children under the age of 13. Our Sites prohibit registration by, and we will not knowingly collect personally identifiable information from, anyone under the age of 13. If you believe we have collected personal information about your child, you may contact us at the address set forth below to request removal of such information.
Recipients / Categories of Recipients
- Hosting providers (e.g. Google LLC, Amazon Web Services, Inc., etc)
- Cyber security providers (e.g. Cloudflare, Inc., Intuition Machines, Inc., etc)
- Customer support services (e.g. Zendesk, Inc., etc)
You can find further information on how these recipients are involved in the processing of data under section VIII. Apart from these explicitly mentioned recipients, data can also be processed by recipients of the following categories: financial and IT services, other ESL companies, other players of the played game.
What does joint controllership mean?
We and ESL Gaming GmbH, ESL Gaming GmbH, Schanzenstrasse 23, 51063 Cologne, Germany, ("Partner") operate services together. This means that we and/or our Partner jointly determine if and how certain personal data of yours is processed in connection with the service. Since we and our Partner each are controllers of your data when doing so, the working relationship is called a joint controllership.
Who processes which data and why?
We jointly process the following data with our Partner:
- Requests sent to us by users that can only be answered by our Partner or with our Partner’s help. Our Partner has a legitimate interest in answering questions of users of our services which it supports as a joint controller, to make sure everyone can appropriately use them (legal basis: Art. 6 para. 1 let. f) GDPR);
- We and our partner have a legitimate interest in sharing your contact information and information related to the respective service of ours, if legal matters arise that need to be assessed in cooperation with our Partner (legal basis: Art. 6 para. 1 let. f) GDPR).
Who is responsible for what?
How is your data secured?
We have implemented technical and organizational measures to ensure a level of security appropriate to the risk presented by the processing in accordance with Art. 24 and 32 GDPR.
What happens in a case of a personal data breach?
In case of a personal data breach and if this breach is likely to result in a risk to your rights and freedoms, we will, with the assistance of our Partner and without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the competent supervisory authority.
Should such breach likely result in a high risk for your rights and freedoms, we or – where required by article 34 GDPR – our Partner will inform you about the personal data breach without undue delay.
If you want to exercise your rights against us or if you have any questions for us regarding the processing, you can contact us via email: [email protected]
Depending on your request, it is possible that our Partner or we will forward your request to one another, should this be necessary to help each other out to answer your request or to get directly in touch with you for this purpose. In case of a forward of your request, we and our Partner inform each other about the matter to the extent necessary for answering your request.
In the following we would like to inform you about how we specifically process your personal data in connection with our services.
Communication via Email and Phone
If we communicate with you via email or telephone, we process all personal data you disclose to us during our conversation (e.g. you name, email address, the reason why you are contacting us etc.). If the processing of the data is based on contractual purposes, we require it to be able to conclude or perform a contract with you, which is not possible without this information.
Recipients of the processed personal data are the respective internal employees and freelancers of ours that are responsible for pursuing our purposes for the processing. The following processors process the personal data on our behalf: Google.
Depending on the specific conversation with you, the personal data can either be processed in order to take steps at your request prior to entering into a contract with us or to perform a contract you have concluded with us. Also, the processing can be necessary for us to comply with legal documentation obligations. Also, the processing can be necessary for the purposes of our legitimate interest to respond to mails and calls of yours when you contact us and are not our contractual partner as well as to have proof regarding substantial content of our conversation, including but not limited to cases of potential legal claims on our or your side.
The legal basis for processing the personal data in order to take steps at your request prior to entering into a contract with us or to perform a contract you have concluded with us is Art. 6 para. 1 let. b) GDPR. The legal basis for processing the data for compliance with our legal obligations is Art. 6 para. 1 let. c) GDPR. The legal basis for processing the data due to our legitimate interest is Art. 6 para. 1 let. f) GDPR.
he data is stored at least for the time until our contract with you is fully performed. If the data has been stored in order to take steps at your request prior to entering into a contract with us or we communicate with you based on our legitimate interest of also answering requests that are not contract-related, we will store the data for as long as reasons objectively exist to believe that the respective conversation will be continued within the foreseeable future. If your communication is considered a commercial or business letter or another type of documentation regarding which statutory storage obligations apply, we will store the data according to those storage periods.
When you visit our website, we process the following data to deliver the website to your browser:
- IP address and network information
- Browser details and capabilities
- Time stamped activity while on our website
Recipients of the processed personal data are the respective internal employees of ours that are responsible for pursuing our purposes for the processing and as well as the following categories of recipients:
- Customer support services
- Hosting providers
- Cyber security services
- Business intelligence providers
We need to process the data in order to deliver the website to your browser and for it to function appropriately. We have a legitimate interest in being able to deliver a functioning website to anyone who would like to access it.
The legal basis for the processing of your data based on our legitimate interest is Art. 6 para. 1 let. f) GDPR.
Provision of Statistics
Our service allows players of CSGO to keep a full match history in our database, this includes the following data:
- Your game nickname, Steam ID, any bans within Steam associated with this account and a link to your profile picture you maintain for your Steam Account;
- Statistical data on your interactions within the match (e.g. number of kills, deaths, assists, etc.);
- Your Steam account authorization code for us to check and collect match metadata;
- Your match share-codes for us to download the match’s public game replay file to gather statistical data on your interactions within the match
If you have enabled the automatic match tracking, you can deactivate the sharing of your matches by Steam within your Steam account. Please note that even though you might deactivate that function within your Steam account, your nickname, profile picture and statistical information of the game you play may still be shared with us by Steam, if one of the other players in a match you play has the sharing function enabled, since the played game is publicly available as an online competition. In such case, please check before you join matches, if other players are intending to compete publicly in the match. If you have enabled your match sharing and wish to revoke this, you can access https://help.steampowered.com/en/wizard/HelpWithGameIssue/?appid=730&issueid=128 and revoke the match sharing function upon signing into your Steam-account.
You have the possibility to disable that some of your personal data is displayed on our website. If you would like us to delete your player nickname in our statistics overviews for the matches you played in the past, you can at any time contact us over [email protected] If you want to have this change also applied to any future matches you play, you will need to change your nickname within your Steam account. Your profile picture displayed within the stats can be changed within your Steam account. Please note that SteamIDs are not affected by deletion requests, since they are required to visualize when a player got banned.
Recipients of the processed personal data are the respective internal employees and contractors of ours that are responsible for pursuing our purposes for the processing and recipients that provide IT-infrastructure for this processing.
The purpose of processing the data is to deliver statistical insights for all players of CS:GO on how they play the CS:GO, how they can improve as a player and on important events in a game (e.g. if a player got banned for cheating). Offering a helpful service such as this to the CS:GO community is in our legitimate interest of helping players improve and enjoy CS:GO, since we want to contribute to the esports community and also improve our esports product portfolio.
The legal basis for processing your data based on our legitimate interest is Art. 6 para. 1 let. f) GDPR.
Personal data is stored until you delete your Steam account. If you do not wish to have your profile picture and/or nickname processed on our statistics page, you of course have the right to object (see above section IV.). The profile picture will not be visible on our statistics page any longer and the nickname replaced by an anonymous figure (e.g. “Player 1”). Steam IDs are processed by us, despite an objection, since our legitimate interest as well as the legitimate interest of the CS:GO community in providing or receiving information on banned players outweighs a potential interest of CS:GO players to not have their Steam ID processed by us. In case of an objection, we will not display the Steam ID publicly on our statistics page.
In case of a deletion of your Steam account or an objection of yours, the statistical match data of yours (e.g. number of kills, deaths, assists, etc.) remains visible on our statistics page, since it is not personal data.
Integrated Services and Services of Third Parties
Based on our legitimate interest to analyze, optimize and economically operate our online offer and the corresponding legal basis of Art. 6 para 1 let. f) GDPR, we make use of services offered by third-party providers in order to provide their services (hereinafter collectively referred to as "Services"). This always presupposes that the third-party providers of these Services perceive the IP address of the users, since they could not send the Services to their browser without the IP address. The IP address is therefore required for the presentation of these Services. We endeavor to use only Services whose respective providers use the IP address solely for the delivery of the Services. Third parties may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on your device and may include, but is not limited to, technical information about the browser and operating system, referring websites, visit time, and other information regarding the use of our websites. For details on the data processing of the third-party providers, please view their contact information and privacy policies:
Third Party Analytics Tools and Consent Management
We use third party tools (e.g. cookies) to analyze the use of our websites and services or to provide a better user experience for you when you use these. To make it easy for you to inform yourself about these tools and to withdraw a potentially necessary consent of yours or object to a processing based on a legitimate interest of ours, we have implemented the consent management platform by Usercentrics. You can at any time open the consent management platform by clicking the platform button (e.g. the fingerprint in the corner of the screen) or the link on our website or in our service to open it. In the consent management platform, you will find all information on what data is processed, who the recipient is, the purpose, legal basis and storage period.
You can at any time of course also contact us at [email protected] further details or if you want to declare your withdrawal or objection to us processing your personal data.
California Do Not Track Disclosure
We do not collect personal information from users over time and across third party websites or online services. However, we work with third party partners who use unique identifiers to help us understand use of our Sites. The unique identifiers used by third parties on our sites may be combined with information collected about you over time and across third party websites or online services.