PRIVACY POLICY

Last Updated: August 1, 2022
This Privacy Policy describes how GME Entertainment, LLC (“we," “our” or “us”) collects, uses, and shares personal information in connection with our GameStop Wallet (defined below and downloadable at https://wallet.gamestop.com/), GameStop NFT marketplace located at https://nft.gamestop.com/ and services therein (“Marketplace”), and an IMX Grant Program application located at https://imxgrant.nft.gamestop.com (collectively, the “Services”).
GameStop Wallet is a self-custodial Ethereum wallet that enables users to (i) self custody digital assets; (ii) connect to decentralized applications (“dapps”); (iii) view addresses and information that are part of blockchain networks and broadcast transactions; (iv) access third party services, which include services provided by third party Wyre, Ramp, or MoonPay, respectively, for purchasing Ethereum with certain fiat currencies (which transactions will occur on a Protocol (defined below)), and swap functionalities provided by third party 0x or Loopring, respectively; and (v) other features, tools, software or functionalities that may be added to the GameStop Wallet from time to time (collectively, “GameStop Wallet").
The Marketplace facilitates interactions between your self custody digital asset wallet and certain decentralized cryptographic protocols (“Protocols”); tools for users to transact with non-fungible tokens (“NFTs”) in a peer-to-peer fashion on a Protocol; access to third parties services from Wyre or Ramp, respectively, for purchasing Ethereum with certain fiat currencies (which transactions will occur on a Protocol); access to create/mint NFTs on a Protocol that may be published on the Marketplace (whenever available); and access to other features, tools, software or functionalities in connection with the Marketplace, including, but not limited to, displaying, listing, searching and viewing NFTs. With respect to the Marketplace, your self-custody digital wallet can be your GameStop Wallet or a digital asset wallet from a third party provider (“third party digital asset wallet”).
Please make sure to review our Terms of Service, which contains provisions that limit our liability and require you to resolve any dispute with us on an individual basis and not part of any class or representative action.
We provide additional information for:
  • Residents of California
  • Residents of Europe (the United Kingdom, Switzerland, and the European Economic Area)
Moreover, this Privacy Policy does not apply to information collected by third parties through third party websites or services that you may access through the Services. Such third parties include, for example, Wyre, Ramp, MoonPay, 0X and Loopring, or your third party digital wallet provider. For such third party websites or services, you are responsible for reviewing, agreeing and complying to their Terms of Service/US (or equivalent thereof) and Privacy Policies before accessing or using said third party websites or services.
For Wyre's Privacy Policy, go here.
For Ramp's Privacy Policy, go here.
For MoonPay's Privacy Policy, go here.
For 0X's Privacy Policy, go here.
For Loopring's Privacy Policy, go here.
Personal information we collect
Information you provide to us:
  • Contact and profile information, such as your display name, email address, profile biography, Ethereum public address details, and third party account information you provide to us (such as Twitter and Reddit usernames).
  • IMX Grant Program information, such as company or project category, company or project name, company or project type, your name or company name, your website address or company website address, email address, and project descriptions.
  • Financial and transaction information, such as your profile information on the Marketplace, digital asset wallet information (such as public wallet address and transaction identification information), payment information, digital asset transaction to and from information, and information regarding transaction amounts and history.
  • Wallet information, such as network public key (public address) and digital wallet contents including cryptocurrencies, NFTs, and tokens. WE WILL NOT ACCESS OR STORE YOUR WALLET PASSWORD, PRIVATE KEYS OR SECRET RECOVERY/BACKUP PHRASE ASSOCIATED WITH YOUR DIGITAL ASSET WALLET. YOU ARE SOLELY RESPONSIBLE FOR KEEPING YOUR WALLET PASSWORD, PRIVATE KEYS AND SECRET RECOVERY/BACKUP PHRASE SAFE AND CONFIDENTIAL.
  • Feedback or correspondence, such as information you provide when you contact us with questions, feedback, or otherwise correspond with us online, and your “like” feedback on NFTs on the Marketplace.
  • Usage information, such as information about how you use the Services and interact with us, including information associated with any content you upload to the Services or otherwise submit to us, and information you provide when you use any interactive features of the Services.
  • Marketing information, such as your preferences for receiving communications about our activities, announcements, and publications, and details about how you engage with our communications.
  • Fraud reporting information, such as full name, physical address, email address, public wallet address, and nature of the report of fraud to support an identity verification of the reporting party and investigation to the nature of fraud reported.
  • Digital Millennium Copyright Act (“DMCA”) Notices and Counter-Notices information, such as full name, physical address, email address, telephone number and details supporting the request for takedown or reinstatement of content on the Marketplace under the DMCA.
  • Additional information, may be requested from you at any time to comply with our Anti-Money Laundering (“AML”) and sanctions compliance obligations. The information required may vary according to various risk factors that we take into account while establishing a relationship with you and in the course of further transactions through the Services. Providing us with relevant information is necessary to use the Services. We may refuse to provide you with any of our Services, at our discretion and at any time, based on the results of the AML and sanctions reviews and are not obligated to disclose to you the results of such reviews. Further, we may request additional information if new or amended laws and/or regulations, a regulatory agency or a court of law require us to do so, and you agree to provide such additional information.
Information we obtain from third parties:
  • Third party digital asset wallet and digital asset transaction information. To use the Services, you may use a GameStop Wallet or third party digital asset wallet that allows you to engage our Services and transact on one or more Protocols. Your activities with any third party digital asset wallet provider are governed by the relevant Terms of Service/Use (or equivalent thereto) and privacy policy associated with your third party digital asset wallet. When you connect your third party digital asset wallet to our Services, we will access information from your wallet, including the contents of your wallet, which may include digital assets, such as cryptocurrencies, NFTs, and tokens. We may also collect information regarding Ethereum purchases that you make using fiat currency via third party services, such as Wyre, Ramp or MoonPay, and swap transactions that you make through third party services provided by 0X or Loopring for regulatory compliance, such as AML and sanctions compliance. AGAIN, WE WILL NOT ACCESS OR STORE YOUR WALLET PASSWORD, PRIVATE KEYS OR SECRET RECOVERY/BACKUP PHRASE ASSOCIATED WITH YOUR DIGITAL ASSET WALLET. YOU ARE SOLELY RESPONSIBLE FOR KEEPING YOUR WALLET PASSWORD, PRIVATE KEYS AND SECRET RECOVERY/BACKUP PHRASE SAFE AND CONFIDENTIAL.
  • Other Sources. We may obtain your personal information from other third parties, such as marketing partners, publicly-available sources (including, but not limited to, data that is accessible on public blockchains), identity verification services, AML and sanctions screening services, and data providers.
Automatic data collection.
  • We and our service providers may automatically log information about you, your computer or mobile device, and your interaction over time with our Services, our communications and other online services, such as:
    • Device data, such as your computer's or mobile device's operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 4G), and general location information such as city, state or geographic area. We may also temporarily collect information about dapps that you are connecting to, while establishing that connection.
    • Online activity data, such as how you use our Services, how you interact with others using our Services, pages or screens you viewed, how long you spent on a page or screen, browsing history, navigation paths between pages or screens, information about your activity on a page or screen, access times, online status, last seen status, and duration of access, and whether you have opened our marketing emails or clicked links within them.
We use the following tools for automatic data collection:
  • Cookies, which are text files that websites store on a visitor's device to uniquely identify the visitor's browser or to store information or settings in the browser for the purpose of helping you navigate between pages efficiently, remembering your preferences, enabling functionality, helping us understand user activity and patterns, and facilitating online advertising.
  • Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications.
  • Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
How we use your personal information
To operate our Services:
  • • Provide, operate, maintain, secure and improve our Services, including, but not limited to, user access to features, tools, software or functionalities in connection with the Marketplace, including without limitation, tools for users to transact with NFTs in a peer-to-peer fashion on a Protocol; access to third party services from Wyre and Ramp, respectively, for purchasing Ethereum with certain fiat currencies (which transactions will occur through a Protocol); access to create/mint NFTs on a Protocol that may be published on the Marketplace (whenever available); and displaying, listing, searching and viewing NFTs, which may include, for example, displaying username, user bio, public wallet address, NFT contract type, NFT contract address, NFT token ID, NFT metadata and IPFS address, and links to your Reddit and/or Twitter account.
  • Provide information about our Services
  • Communicate with you about our Services, including by sending you announcements, updates, security alerts, and support and administrative messages.
  • Understand your needs and interests, and personalize your experience with our Services and our communications.
  • Respond to your requests, questions and feedback.
  • Investigate and address conduct that may violate Terms of Service.
For research and development. To analyze and improve the Services and to develop new products and Services, including by studying use of our Services.
Marketplace Creator Applications. Determine whether or not to approve you or your company to create/mint NFTs on a Protocol and/or publish content to the Marketplace.
For the IMX Grant Program Application. We share your application and the information therein with Immutable X and Digital Worlds NFTS Ltd. Immutable X and Digital Worlds NFTS Ltd. review and verify the submitted applications and determine whether or not to issue you or your company a grant based on your submitted IMX Grant Program application information.
Marketing and advertising. We, our corporate parents, subsidiaries, affiliates and divisions and our advertising partners may collect and use your personal information for marketing and advertising purposes, including:
  • Direct marketing. We may from time-to-time send you direct marketing communications as permitted by law, including, but not limited to, notifying you of special promotions, offers and events. You may opt out of our marketing communications as described in the “Opt out of marketing communications” section below. If you are located outside of the U.S. or U.S. Territories, please opt out of our marketing communications.
  • Interest-based advertising. We may engage our advertising partners, including third party advertising companies and social media companies, to display ads around the web. These companies may use cookies and similar technologies to collect information about your interaction (including the data described in the “Automatic data collection” section above) over time across our Services, our communications and other online services, and use that information to serve online ads that they think will interest you. This is called interest-based advertising. We may also share information about our users with these companies to facilitate interest-based advertising to those or similar users on other online platforms. You can learn more about your choices for limiting interest-based advertising in the “Online tracking opt-out” section below.
To comply with law. As we believe necessary or appropriate to comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
For compliance, fraud prevention, and safety, including AML and sanctions. To: (a) protect our, your or others' rights, privacy, safety or property (including by making and defending legal claims); (b) enforce the terms and conditions that govern our Services; and (c) protect, investigate and deter against money laundering, sanctioned countries, entities or individuals and other fraudulent, harmful, unauthorized, unethical or illegal activity.
To create anonymous data. To create anonymous data from your personal information. We make personal information into anonymous data by removing information that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve our Services and promote our business.
How your personal information may be shared while using our Services
If you engage in a transaction with another user or through a third party service or dapp, that user, third party or dapp, respectively, will have access to your public transaction information. Users, third parties or dapps with whom you interact with may store or re-share your information with others. For such third party services and dapps, you are responsible for reviewing, agreeing and complying to the terms, notices, and policies before accessing or using said third party services and dapp.
How we share your personal information
At your direction. When you use our Services to engage with third parties, such as wallets, dapps, service providers and others, you direct us to share your information with them to provide the Services you request.
Affiliates and GameStop Corporate Group. GME Entertainment may share personal information among our corporate parents, subsidiaries, affiliates, or divisions for internal business purposes in accordance with this Privacy Policy.
IMX Grant Program Application. Your information will be shared with Immutable X and Digital World NFTS Ltd. so they can determine whether or not to issue you or your company a grant based on your submitted IMX Grant Program application information.
Service providers. We may share your personal information with third party companies and individuals that provide services on our behalf or help us operate our Services (such as customer support, hosting, analytics, email delivery, marketing, identity verification, AML and sanctions screening and database management services).
Advertising partners. We may share your personal information with third party advertising companies, including for the interest-based advertising purposes described above.
For compliance, fraud prevention and safety. We may share your personal information for the compliance, fraud prevention and safety purposes described above.
Business transfers. We may sell, transfer or otherwise share some or all of our business or assets, including your personal information, in connection with a business transaction (or potential business transaction) such as a corporate divestiture, merger, consolidation, acquisition, reorganization or sale of assets, or in the event of bankruptcy or dissolution. In such a case, we will make reasonable efforts to require the recipient to honor this Privacy Policy.
Your choices
In this section, we describe the rights and choices available to all users. Users who are located in California, and to the extent there are users who are located in Europe, can find additional information about their rights below.
Access or update your information. If you have created a profile on the Marketplace, you may review and update certain personal information in your profile by connecting your self-custody digital asset wallet to the Marketplace and clicking your Avatar on the top right corner of the webpage. You may also view your activity history, as well as owned, created, liked or hidden NFTs in your profile. If you have created a GameStop Wallet, you may view activity related to your GameStop Wallet in the Activity area of the GameStop Wallet. Note that your transactions on the Marketplace or using your GameStop Wallet may be recorded on public blockchain(s) and, as a result, available for public viewing.
Opt out of marketing communications. You may opt out of marketing-related emails by changing your communications preferences on your account management page or following the opt-out or unsubscribe instructions at the bottom of the email. You may continue to receive service-related and other non-marketing emails.
Online tracking opt-out. There are a number of ways to opt out of having your online activity and device data collected through our Services, which we have summarized below:
  • Blocking cookies in your browser. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit allaboutcookies.org.
    Use the following links to learn more about how to control cookies and online tracking through your browser: Firefox, Chrome, Microsoft Edge, Safari.
  • Blocking advertising ID use in your mobile settings. Your mobile device settings may provide functionality to limit use of the advertising ID associated with your mobile device for interest-based advertising purposes.
  • Using privacy plug-ins or browsers. You can block our Services from setting cookies used for interest-based ads by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, DuckDuckGo, Ghostery or uBlock Origin, and configuring them to block third party cookies/trackers.
  • Platform opt-outs. The following advertising partners offer opt-out features that let you opt out of use of your information for interest-based advertising: Google, Facebook, Twitter.
  • Advertising industry opt-out tools. You can also use these opt-out options to limit use of your information for interest-based advertising by participating companies: Digital Advertising Alliance, or Network Advertising Initiative.
Note that because these opt-out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
Do Not Track. Some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Other sites, mobile applications and services
Our Services may contain links to other websites, mobile applications, and other online services operated by third parties. These links are not an endorsement of, or representation that we are affiliated with, any third party. In addition, our content may be included on web pages or in mobile applications or online services that are not associated with us. We do not control third party websites, mobile applications or online services, and we are not responsible for their actions. Other websites and services follow different rules regarding the collection, use and sharing of your personal information. We encourage you to read the privacy policies of the other websites and mobile applications and online services you use.
Security practices
We use reasonable organizational, technical and administrative measures designed to protect against unauthorized access, misuse, loss, disclosure, alteration and destruction of personal information we maintain. Unfortunately, data transmission over the Internet cannot be guaranteed as completely secure. Therefore, while we strive to protect your personal information, we cannot guarantee the security of personal information.
Minors
Our Services are not intended for use by anyone under 18 years of age. If you are under 18, please do not attempt to create an account or send any information about yourself to us, including your name, address, telephone number or email address. No one under the age of 18 may provide any personal information to us, and we do not knowingly collect personal information from anyone under the age of 18. If we learn that we have collected personal information from anyone under the age of 18 without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any information from or about anyone under the age of 18, please contact us immediately.
Users outside of the United States
To provide our Services, it is necessary for us to process personal information using facilities and servers in the United States.
Changes to this Privacy Policy
Our Privacy Policy may change from time to time, and we reserve the right to modify it any time. We will post any changes to this Privacy Policy on this website. If we make material changes to it, we will provide notice through our Services, or by other means, to allow your review of the changes before they become effective. If you object to any changes, you may close your account and discontinue use of our Services. Each time a user uses any Service, the current version of the Privacy Policy applies. You acknowledge that your continued use of our Services after we publish or send a notice about our changes to this Privacy Policy means that the collection, use, retention and sharing of your personal data is subject to the updated Privacy Policy.
How to contact us
Please direct any questions or comments about this Policy or privacy practices to GlobalPrivacyOffice@gamestop.com. You may also write to us via postal mail at:
GME Entertainment LLC
625 Westport Parkway
Grapevine, TX 75080
Attn: Privacy Policy
Additional information for users located in California
This section applies only to California residents. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.
Your California privacy rights. The CCPA grants individuals whose information is governed by the CCPA the following rights:
  • Information. You can request information about how we have collected and used your Personal Information during the past 12 months. We have made this information available to California residents without having to request it by including it in this Privacy Policy.
  • Access. You can request information about how we have collected and used your Personal Information during the past 12 months. If you have created a profile with us, you may review and update certain personal information in your account profile by logging into the account. If you have created a GameStop Wallet, you may view activity related to your GameStop Wallet in the Activity area of the GameStop Wallet.
  • Deletion. You can ask us to delete the Personal Information that we have collected from you. However, we may retain Personal Information necessary to (a) protect our business, systems, and users from fraudulent activity, (b) to address technical issues that impair existing functionality, (c) ensure that we or others can exercise their free speech or other rights, (d) comply with law enforcement requests pursuant to lawful process, (e) for our own internal purposes reasonably related to your relationship with us, or to comply with legal obligations. Additionally, we need certain types of information so that we can provide our Services to you. If you ask us to delete it, you may no longer be able to access or use our Services.
  • Right to Non-Discrimination. We will not deny, charge different prices for, or provide a different level of quality of goods or services if you choose to exercise these rights.
We do not sell your personal information. Please note that the CCPA limits these rights by, for example, prohibiting us from providing certain sensitive information in response to an access request and limiting the circumstances in which we must comply with a deletion request. If we deny your request, we will communicate our decision to you.
How users in California can exercise their rights. California residents may exercise their California privacy rights by submitting a request to the “Individual Rights” icon below or by emailing us at GlobalPrivacyOffice@gamestop.com with “GME Entertainment CCPA Consumer Request” in the subject line.
Trustarc
Authorized Agents. California residents can empower an “authorized agent” to submit requests on their behalf. We will require the authorized agent to have a written authorization confirming that authority.
Verifying Requests. For security purposes, we will verify your identity - in part by verifying your email account or requesting certain information from you - when you request to exercise your California privacy rights. Once we have verified your identity (and your authorized agent, as applicable), we will respond to your request as appropriate. We may not disclose government ID or financial account number as such disclosure may create an unreasonable risk to your Personal Information, your account with us, or our business systems. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request.
Shine the Light Disclosure. The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of Personal Information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your Personal Information with third parties for their own direct marketing purposes.
Notice to European residents
The information provided in this “Notice to European Residents” section applies only to individuals in Europe.
Personal information. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.
Controller. GME Entertainment LLC is the controller of the personal information we collect.
Europe Data Protection Representative. Please direct any questions or comments about this Policy or privacy practices to our European Data Protection Representative established in Ireland, GameStop Europe Services Limited, at GlobalPrivacyOffice@gamestop.com.
Legal basis for processing. We use your personal information only as permitted by law. Our legal bases for processing the personal information described in this Privacy Policy are described in the table below.
Processing purpose
Legal basis
  • To operate our services
  • Processing is necessary to perform the contract governing our provision of our services or to take steps that you request prior to signing up for the services. If we have not entered into a contract with you, we process your personal information based on our legitimate interest in providing the services you access and request.
  • For research and development

  • For compliance, fraud prevention, anti-money laundering, and safety

  • Creation of anonymous data
  • These activities constitute our legitimate interests. We do not use your personal information for these activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • To comply with law
  • Processing is necessary to comply with our legal obligations
  • For marketing and advertising purposes
  • Processing is based on your consent. Where we rely on your consent you have the right to withdraw it any time in the manner indicated when you consent or in the Services.
    Use for new purposes. We may use your personal information for reasons not described in this Privacy Policy where permitted by law and the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis.
    Sensitive personal information. We ask that you not provide us with any sensitive personal information (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health, biometrics or genetic characteristics, criminal background, or trade union membership). If you provide us with any sensitive personal information when you use our Services, you must consent to our processing and use of such sensitive personal information in accordance with this Privacy Policy. If you do not consent to our processing and use of such sensitive personal information, you must not submit such sensitive personal information through our Services.
    Retention. We retain personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements, to establish or defend legal claims, or for fraud prevention purposes. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
    Cross-border data transfer. GME Entertainment LLC is based In the United States and any personal information you share through the use of our services or products will be processed in the United States. If we further transfer your personal information to another country such that we are required to apply appropriate safeguards to your personal information under European data protection laws, we will do so. Please contact us for further information about any such transfers or the specific safeguards applied.
    Your rights. European data protection laws may give you certain rights regarding your personal information. If you are located in Europe, you may ask us to take the following actions in relation to your personal information that we hold:
    • Access. Provide you with information about our processing of your personal information and give you access to your personal information. If you have created a profile with us, you may review your personal information by logging into the account. If you have created a GameStop Wallet, you may view activity related to your GameStop Wallet in the Activity area of the GameStop Wallet.
    • Correct. Update or correct inaccuracies in your personal information. If you have created a profile with us, you may update certain personal information by logging into the account.
    • Delete. Delete your personal information.
    • Transfer. Transfer a machine-readable copy of your personal information to you or a third party of your choice.
    • Restrict. Restrict the processing of your personal information.
    • Object. Object to our reliance on our legitimate interests as the basis of our processing of your personal information that impacts your rights.
    EU Data Subjects may exercise their privacy rights by submitting a request to the “Individual Rights” icon below.
    Trustarc
    We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or our response to your requests regarding your personal information, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find your EU data protection regulator here, your UK data protection regulator here, and Swiss data protection regulator here.