LAST UPDATED: 22 April 2021
For users located outside the United States of America, the publisher of the Website and data controller pursuant to the General Data Protection Directive (" GDPR") in respect of any Personal Data (as defined below) that you submit to us via the Website (or otherwise) is Cloud Imperium Games Limited, a company registered in England and Wales (company number: 8703814) and located at Freedom House, Church Street, Wilmslow, Cheshire, SK9 1AX, United Kingdom (" CIG", " we", " us", " our"). The Personal Data you submit to us via the Website (or otherwise) will be processed by us or by data processors appointed by us to undertake processing on our behalf.
For users located in the USA, the publisher of the Website is Cloud Imperium Games, LLC, a company registered in California and located at 12322 Exposition Blvd., Los Angeles, California 90064 (" CIG", " we", " us", " our"). The Personal Data you submit to us via the Website (or otherwise) will be processed by us or by data processors appointed by us to undertake processing on our behalf.
2. What Is Personal and Non-Personal Data?
"Personal Data" is information that we may collect from you that identifies you, or which, in conjunction with other information that is in our possession, or is likely to come into our possession, may be used by us to identify you. This term shall also include Personal Information pursuant to CCPA (see Sec. 10 below).
"Non-Personal Data", is information that we have collected from you which cannot be used by us to identify you.
3. Which Data Does CIG Collect and Use and at Which Stage?
3.1 Use Of Our Website
If you access or use our Website we may collect the following Personal Data:
- IP address
- name of requested file
- operating system
- browser type and settings
- time of access
CIG also may maintain log files which contain IP addresses. An IP address is a numeric address that may be assigned to your computer by your Internet Service Provider and can, in certain circumstances, amount to Personal Data. In general, we use log files to monitor traffic on our Website and to troubleshoot technical problems. In the event of user abuse of our Website, however, we may block certain IP addresses on the legal basis of art. 6 (1) lit. f GDPR.
We use the information set out in this Section 3.1 to optimize your experience of the Website. The collection of the information set out in this Section 3.1 is mandatory. CIG is not able to properly provide you with the Website without this basic information acc. to Art. 6 (1) lit. f GDPR.
3.2 Cookies and Tracking Technologies
We may use various tracking technologies to automatically collect the types of information set out in Section 3.1 above, including:
- Cookies, which are small data files stored on your device that act as a unique tag to identify your browser. We use several types of cookies, including session cookies and persistent cookies. Session cookies make it easier for you to navigate our website and expire when you close your browser. Persistent cookies help with personalizing your experience, remembering your preferences, and supporting security features. Persistent cookies may remain on your device for extended periods of time, and generally may be controlled through your browser settings.
Your browser settings may allow you to automatically transmit a "Do Not Track" signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to "Do Not Track" signals. For more information on "Do Not Track," visit http://www.allaboutdnt.com.
3.3 Applying for Jobs
If you apply for a job on the Website or otherwise, in addition to the information we collect under Section 3.1 and 3.2 mentioned above we may also collect the following Personal Data (not all of these data being mandatory):
- personal master data; e.g. name, birth date, postal address
- contact details; e.g. telephone number, e-mail address
- content of your application documents
- provide link to your online portfolio/showreel if applicable
- if you are eligible to work in the EU
- if you are already part of the Star Citizen Community
- your salary expectations
- if you are engaged in any form of entertainment and/ or online gaming media
- where you found the job advertisement
- notice period of the current employment agreement
- passport validity
- name and agency of your recruitment agent if applicable
Please refer to Sec. 10.1 and 10.2 for more detailed information.
If you apply for a job on the Website the Personal Data that you transfer to us will be stored for consideration and reference purposes for a period of twenty four (24) months from the point of your last profile update. If your profile is not updated within a twelve (12) month period, your profile and any applications will be permanently deleted from our database unless we contact you via email and you update your profile.
If you are hired as an employee your Personal Data will be subject to the employment agreement and its related guidelines and policies and this policy will cease to apply.
We collect your personal data to perform pre-contractual measures or enter into a contract and our legitimate interests (including proving prior contracts towards recruitment agencies and the optimization of the application process). Please refer to Sec. 10.3 for more detailed information.
4. Will CIG Share My Information with Third Parties?
CIG may share your Personal Data:
- with any of our affiliated companies, including Roberts Space Industries International, LLC, Roberts Space Industries International, Ltd., Roberts Space Industries Germany GmbH, Cloud Imperium Games Limited (f.k.a. Foundry 42 Limited), Cloud Imperium Games, LLC and Cloud Imperium Games Texas, LLC (individually and collectively "CIG"). The legal basis under GDPR is Art. 6 (1) lit. f GDPR with having organizational and financial requirements within the group as legitimate interest.
- any authority to which we are obliged by law to disclose your Personal Data and Non-Personal Data (e.g. tax authorities for commercial transactions). The legal basis under GDPR is art. 6 (1) lit. c GDPR.
- at your request or your direction.
5. How Does CIG Protect Your Personal Data?
The security of your Personal Data is important to us. We follow all relevant regulations, including the GDPR and CCPA, where applicable, to protect the Personal Data submitted to us, both during transmission and in storage.
For users in the European Union the Personal Data that you provide to us will be collected and processed by us or by our Data Processors pursuant to Art. 28 GDPR. We have implemented physical, electronic and managerial procedures in order to help safeguard and prevent unauthorized access, use, alteration, modification and/or disclosure of your Personal Data.
Despite these measures, transmission via the internet is not completely secure and we cannot guarantee the security of your Personal Data provided through the internet.
If you have any questions about security on our Website, please contact us at email@example.com.
6. Review, Correction and Deletion Of Your Information
You can correct, update or delete your Personal Data at any time by contacting us at firstname.lastname@example.org. We will be happy to review, update or remove information as appropriate. We will require you to verify your identity before releasing any information to you.
7. Data Transfer
8. Information on your Rights
In addition to the rights mentioned before you have the right
- to request that we delete personal data relevant to you without delay if one of the reasons specified in Art. 17 of the GDPR applies. Unfortunately, we may not delete data that is subject to a legal retention period. If you would prefer that we never collect data from you or never contact you again in the future, we shall store such relevant contact details in a blacklist.
- to revoke any consent given by you with future effect and without any negative consequences for you.
- to request from us that processing be restricted if one of the prerequisites listed in Art. 18 of the GDPR is provided.
- to object at any time to the processing of personal data relevant to you on grounds relating to your particular situation. We shall no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds to do so, which override your interests, rights and freedoms, or such processing is required for the establishment, exercise or defense of legal claims (Art. 21 of the GDPR).
- to request that the data relevant to you be issued in a commonly used electronic and machine-readable format. This also covers the issuance (if possible) to another responsible party specified by you directly. (Art. 20 of the GDPR)
- without prejudice to another administrative or judicial remedy and if you believe that the processing of your personal data is in breach of the GDPR, to file a complaint with our data protection officer: email@example.com
- to assert claims vis-à-vis the supervisory authority in the member state of your place of stay, your place of work or the location where the alleged violation took place.
9. Contact Information
If you have questions or concerns regarding this statement, you may contact us using the following contact information:
For users in the United States:
Cloud Imperium Games, LLC
12322 Exposition Blvd.
Los Angeles, CA 90064
For users outside the United States:
Cloud Imperium Games Limited
Wilmslow SK9 1AX
Data Protection Officer: firstname.lastname@example.org
10. Additional Disclosures for California Residents
These additional disclosures apply only to California residents. The California Consumer Privacy Act of 2018 ("CCPA") provides additional rights to know, delete and opt-out, and requires businesses collecting or disclosing Personal Data to provide notices and means to exercise rights. Herein, "personal information" has the meaning given in the CCPA but excludes information exempted from the CCPA's scope.
10.1 Notice of Collection
In the past 12 months, we have collected the following categories of Personal Data enumerated in the CCPA:
- Contact information, such as home address, telephone number, and email address;
- Information from job application materials or recruiters , such as your job application, resume or CV, cover letter, references, work history, education transcripts, whether you are subject to prior employer obligations, information that referrers provide about you,and any work samples or portfolio submitted or referenced by you for example, writing samples, reels, demos, and work posted at third party sites such as Artstation ;
- Professional qualifications , such as licenses, permits, memberships, and certifications;
- Information from the application process , such as any phone-screens, interviews, evaluations and outcomes of recruiting exercises;
- Immigration status and other information that would allow us to verify your employment eligibility;
- Biographical information , such as name, gender, date of birth, professional history, references, language proficiencies, education details, and information you make publicly available through job search or career networking sites;
- Job preferences , such as desired position and compensation, location preferences and willingness to relocate;
- Employment history ;
- Information needed to understand and assess accommodation requests regarding potential disabilities or other health conditions ;
- Medical information if you meet with us in-person, such as your body temperature, health symptoms and other screening information in connection with Cloud Imperium's health and safety plans and protocols, including screening required to access Cloud Imperium offices/facilities and other measures designed to prevent the transmission of COVID-19 or other infectious diseases;and
- Other information you provide to us.
Providing personal information to us is voluntary. However, if you do not provide sufficient information, we may be unable to consider your application or, if you are hired, your subsequent promotion, transfer or relocation.
In certain cases we may ask you for additional information for purposes of complying with applicable laws. We may also inquire about criminal records. We will do so only where permitted by applicable law.
10.2 Source of Information
We collect personal information from you when you apply for a job and throughout the job application or recruitment process. We may also collect your personal information from other sources and combine it with the personal information you provide us. For example, we may collect your personal information from:
- Job board websites you may use to apply for a job with us;
- Prior employers that provide us with employment references;
- Professional references that you authorize us to contact;
- Employment agencies and recruiters ;
- Your public social media profile or other publicly-available sources;
- Other Cloud Imperium personnel.
- How we use personal information about candidates
10.3.1 Purposes for which we use personal information
We may use the categories of personal information above for the following purposes:
Recruitment management. Managing recruitment generally, such as:
- operating the Website;
- recruiting, interviewing and evaluating job candidates;
- analyzing and improving our application and recruitment processes;
- accommodating disabilities or health conditions;
- communicating with you regarding your candidacy, opportunities with CIG or about the Website and any changes to applicable terms or policies; and other business operations.
Compliance, safety and fraud prevention , such as:
- complying with or monitoring compliance with legal and other requirements, such as reporting and equal opportunities monitoring requirements, where applicable;
- complying with internal policies and procedures;
- complying with lawful requests and legal process, such as responding to subpoenas or requests from government authorities;
- protecting our, your or others'; rights, safety and property, including by complying with applicable public health guidelines and requirements, including, without limitation, guidance from the Centers for Disease Control or other public health authorities relating to the prevention and control of COVID-19 or other infectious diseases;
- investigating and deterring against fraudulent, harmful, unauthorized, unethical or illegal activity, or conduct in violation of our policies or procedures;
- controlling access to and monitoring our physical premises (e.g., by requiring health screenings to access offices/facilities; and sharing information with government authorities, law enforcement, courts or private parties where we have a good-faith belief it is necessary for the foregoing purposes.
Analytics , such as:
- creating anonymous, aggregated or de-identified data that we use and share to analyze our application and recruitment activities, business and for other lawful business purposes.
We do not generally sell information as the term "sell" is traditionally understood.
10.3.2 Sharing personal information
We may share your personal information with other parties as necessary for the purposes described above, including the parties listed in Sec. 4 above
10.4 Right to Know and Delete
You have the right to delete the Personal Data we have collected from you and the right to know certain details about our data practices in the past 12 months. In particular, you may request the following from us:
- The categories of Personal Data we have collected about you
- The categories of sources from which the Personal Data was collected
- The categories of Personal Data about you we disclosed for a business purpose or sold
- The categories of third parties to whom the Personal Data was disclosed for a business purpose or sold
- The business or commercial purpose for collecting or selling the Personal Data
- The specific pieces of Personal Data we have collected about you
To exercise any of these rights, please submit a request to email@example.com or through your Account settings here. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your requests to know or delete.
10.5 Authorized Agent
You can designate an authorized agent to submit requests on your behalf. However, we will require written proof of the agent's permission to do so and verify your identity directly.
10.6 Right to Non-Discrimination
You have the right not to receive discriminatory treatment by us for the exercise of any your rights.
10.7 Shine the Light
Customers who are residents of California may request (i) a list of the categories of Personal Data disclosed by us to third parties during the immediately preceding calendar year for those third parties' own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in Section 12 above and specify that you are making a "California Shine the Light Request." We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year.