SCOPE

This guidance note applies to all entities of the Larian Studios group of companies (hereafter “Larian Studios” and individually referred to as “Company”). Any use of “we” or “us” in this policy is to be understood as referencing a Company.

USE OF PERSONAL DATA AS PART OF THE BG3 CRASH REPORTS PROCESS

This guidance covers the use of personal data gathered by Larian Studios as part of the BG3 crash reports process (hereinafter the “Process”).

Crash reports are generated when an error occurs, and the game quits. The crash reports contain:

• the .dmp file. .dmp files have the data "dumped" from the game's memory space and are created when the game has an error or crash;
• the dxdiag report: the dxdiag report has information about the user’s computer, such as machine name, machine ID, driver versions and hardware specifications;
• any additional information the player voluntarily submits when prompted with the Larian crash reporter.

The data shared is sent to Larian Studios’ servers and will be used to investigate the issue that occurred and provide valid intel to fix the issue.

LEGITIMATE INTEREST AND LEGAL BASIS FOR PROCESSING

Where personal data is processed, a legal basis for processing must be identified and established.

Crash reporting relies on consent of the gamer. They voluntarily submit the form. On each occasion, players are presented with the choice to submit the report generated or not. Their choice does not affect their further use of the game as is.

RIGHT TO OBJECT AND OTHER RIGHTS

Under data protection law, where personal data is processed, individuals have the right to object to the use of their personal data, either before or at any time after the data is processed.

Should you object to the use of your personal information as part of the Process, you can contact us at privacy@larian.com.

By law you have the right to:

• Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see above).
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party if technically feasible.

Further information on how you can reach us and exercise your rights are included in our general privacy policy which can be found at larian.com/privacy.

HOW LONG WILL MY PERSONAL DATA BE KEPT

Personal information is only kept for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

All retention periods have been documented in the Larian Group’s Record of Processing Activities. You can inquire about the retention periods for the different processing activities, or in general about your personal data, via privacy@larian.com.

Specifically, for the Process the following retention periods will be applied:

• Crash reports are stored for 1 year.

ACCESSIBILITY AND DATA SHARING

Information as part of the Process will only be accessible to a limited amount of Larian Studios’ staff, who is expected to uphold principles of confidentiality and to comply with the provisions of the General Data Protection Regulation (“GDPR”) where applicable. We expect them to respect the security of your data and to treat it in accordance with the law.

FURTHER INFORMATION

These guidelines are issued to be in accordance with the terms of the European Union General Data Protection Regulation (GDPR) and seek to provide information and guidance as to the personal data we keep about you, and the purpose of keeping it.

Further and more general information about the use and storage of personal information can be found in our privacy policies, a copy of which can be easily obtained via privacy@larian.com.

Any questions, comments, requests, … you might have on the issues raised in this note, as well as on the subject of data protection and GDPR in general, can also be directed to this email address.

Since we are an international group sharing information between the Companies can have transnational effects. The GDPR regulates in such a case that the supervisory authority of the main establishment of the Larian Group shall be competent to act as lead supervisory authority for the cross-border processing carried out by that controller or processor.

We consider the main establishment of the Larian Studios Group, on the subject of all matters and decisions on data processing, to be situated in Ireland, and thus, in accordance with the principles laid out in the GDPR, (the ‘one-stop-shop mechanism’), we consider our lead supervisory authority to be the “Data Protection Commission”, with address at 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland. However, you are always free to contact their own EU-vested authority.

We further note that Larian Studios has appointed an external data protection officer (“DPO”) to consult, advise and supervise on all matters related to GDPR. Our DPO can be contacted via privacy@larian.com.