Appendix 1 - Australia

This Australian Appendix applies if you are based in Australia during your interaction with us.

  1. Definition of personal information

    For the avoidance of doubt, when used in the privacy policy and this Appendix, the term personal information also includes an opinion about an individual, or an individual who is reasonably identifiable, whether that opinion is true or not.

  2. Direct marketing

    We may use your name, contact details, location information, information about your use of our digital services (including your preferences, transaction pattern and behaviour) to send you marketing relating to our own, other WarnerMedia Entities and/or third party products and services in the following categories: gaming products, digital media services, events and entertainment services.

    We may also provide your personal information to other WarnerMedia Entities, so that they can send you direct marketing.

    Where required by law (e.g. the Spam Act 2003 (Cth)), we will seek your consent before sending you marketing communications.
    In addition, at any time you may opt-out of receiving marketing communications from us by contacting us (see the details in Section 12 of the privacy policy), using opt-out facilities provided in the marketing communications, or by updating your subscription preferences [Preference Centre].

  3. Export outside Australia

    We hold your personal information on secure computer systems located in various countries in which we operate. Your personal information may also be disclosed to, and accessed and held by WarnerMedia Entities and our service providers in countries around the world. Those overseas entities will access your personal information for the purposes of providing us with IT services and to provide the digital services to you.

  4. Access and correction of your personal information

    You have the right to access your personal information which we hold about you, subject to some exceptions. If you have an online account with us, you are able to log into your account and access and update your personal information via this link

    access to your personal information, we may require some proof of identity. We will not charge you for simply making a request. If you wish to access the personal information we hold about you, please contact our Data Protection Officer using the contact details listed in Section 12 of the privacy policy.

    You also have the right to request that we correct any inaccurate personal information we hold about you subject to some exceptions. If you have an online account with us, you may be able to make these corrections via your account. [OneTrust]

    If you would like our help to correct the personal information we hold about you, please contact our Data Protection Officer using the contact details listed in Section 12 of the privacy policy. When contacting us to request access to or correction of any personal information we hold about you, we ask that you provide us with as much detail as you can about the information in question as this will help us to retrieve it.

    If we do not agree to your request to provide you with access to your personal information or to amend your personal information, we will inform you of our decision within a reasonable period. If you wish to complain about this outcome or to attach a statement to your record that you believe the personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading, please see our complaints procedure below.

  5. What is the process for complaining about a breach of privacy?

    If you believe that your privacy has been breached, please contact our Data Protection Officer using the contact details listed in Section 12 of the privacy policy.

    We will deal with any complaint by investigating it, and providing a response to you within a reasonable time, provided that we have all necessary information and have completed any investigation required. In some cases, we may need to ask you to put your complaint in writing so that we are sure that we understand it, and may also need to ask you for further information or to verify your identity. We will attempt to confirm as appropriate and necessary with you your understanding of the conduct relevant to the complaint and what you expect as an outcome. We will treat your complaint confidentially and respond to you within a reasonable time, usually in writing.

    If you are dissatisfied with the outcome, please contact us. Alternatively, you may take your complaint to the Privacy Commissioner at the Office of the Australian Information Commissioner (OAIC). The contact details for the OAIC are available from the OAIC’s website at www.oaic.gov.au

Appendix 2 – European Economic Area (EEA)

This EEA Appendix applies if you are based in the EEA during your interaction with us

  1. children’s personal information

    In the EEA, the definition of a child and when a parent must consent to certain information processing differs between countries and even between activities in a country but is generally between 13 and 16 years old. As a default, we apply a 16 year old limit across EEA countries when determining whether parental consent is required to process a child's personal information and in how we respond to data subject rights (although in exceptional cases and in accordance with local law we may treat a child younger than 16 years old as competent to exercise such rights without parental consent).

  2. Legal bases for processing personal information

    EEA data protection law allows data controllers to process personal information only when the processing is permitted by specific “legal bases” set out in law. In complying with our obligations under EEA data protection law, we are required to identify the “legal bases” on which we rely to process your personal information

    In Table 1 below, we have linked each purpose mentioned in Section 5 of the privacy policy to the relevant “legal bases”. For more details on each of the “legal bases”, please see Table 2 below.

    Table 1:
    Purpose of data processing Legal bases
    -contract performance
    -legitimate interests (to allow us to perform our obligations and provide services to you)
    -consent (which can be withdrawn at any time)
    -legitimate interests (to enable us to provide you with details of products and services that may be of interest to you)
    -consent (which can be withdrawn at any time)
    -egitimate interests (to enable us to administer your participation in surveys, promotions or competitions)
    -consent (which can be withdrawn at any time)
    -legitimate interests (to enable us to tailor our marketing to you)
    -contract performance
    -legal obligation
    -legitimate interests (to allow us to correspond with you in connection with our services)
    To improve the digital services -legitimate interests (to allow us to maintain and improve the quality of our services and products)
    For compliance with applicable laws and regulations -legal obligation
    -legitimate interests (to cooperate with law enforcement and regulatory authorities)
    For legal purposes -legal obligation
    -legitimate interests (to allow us to guard against fraud and other illegal activity)
    To re-organise or make changes to our business -legitimate interests (in order to allow us to change our business)
    -consent (which can be withdrawn at any time)
    -legitimate interests (to enable us to provide you with details of products and services that may be of interest to)


    Table 2:

    These are the principal legal bases that justify our processing of your personal information:
    Consent: we may ask for your consent to process your information at the time you provide this information to us. Where we rely on this basis, you have the right to withdraw your consent at any time by contacting us according to Section 12 of the privacy policy). If you withdraw your consent, we may be unable to provide a service that requires the use of such information.
    Contract performance: where your information is necessary to enter into or perform our contract with you.
    Legal obligation: where we need to use your information to comply with our legal obligations such as those relating to fraud, anti-bribery and corruption and anti-money-laundering, complying with requests from government bodies or courts, or responding to litigation.
    Legitimate interests: where we use your information to achieve a legitimate interest, i.e. to allow us to perform our obligations and provide online services to you.

  3. Profiling and Automated decision making

    We use fully automated algorithm-based technologies to verify that you are a paying subscriber of our mobile partner/affiliate, which is a requirement for the use of our digital services.
    Where we deliver advertising via social media, we may place you in an interest segment based on information you have provided to us or we have collected, in order to provide you with more relevant advertising.
    When we use these techniques we use measures to avoid legally discriminatory biases and inaccuracies. These automated processes may result in different content being shown to you.

  4. Export outside the EEA

    From time to time we may need to allow our staff or search providers, who may be located outside the EEA, access to your personal information. We may also make other disclosures of your personal information overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body.

    We will always take appropriate steps to ensure that any international transfer of personal information is carefully managed to protect your rights and interests.

    We will only transfer your personal information to jurisdictions which are approved by the European Commission as providing essentially equivalent protections to EEA data protection laws and therefore no additional safeguards are required to export personal data to these jurisdictions. In jurisdictions which have not had these approvals (see the full list here http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm), we will establish legal grounds justifying such transfer, such as EU Commission-approved model contractual clauses, certification schemes, Binding Corporate Rule, the EU - U.S. Privacy Shield or other legal grounds permitted by applicable legal requirements.

    Please contact us in accordance with Section 12 of the privacy policy if you would like to see a copy of the specific safeguards applied to the export of your personal information.

  5. Retention period

    We will retain your personal information for as long as is reasonably necessary for the purposes listed in Section 5 of the privacy policy. We may delete or de-identify your personal information sooner if we receive a verifiable deletion request, subject to exemptions under applicable law. We may retain your personal information for longer periods of time in circumstances where we are required to do so in accordance with legal, regulatory, tax or accounting requirements. For example:

    • If you contact us with support queries, we keep the information for between 3 and 18 months, depending on the nature of the query and whether you have registered with us for a digital services.
    • Where we process personal information in relation to the submission of end user content on our ddigital services, we will keep the personal information for as long as necessary in accordance with the specific terms of the activity.
    • We also keep a record of the fact that you have asked us not to send you direct marketing or to process your personal information indefinitely so that we can respect your request in the future.


  6. Your Rights

    In addition to the rights set out in Section 10 of the privacy policy, you may have the rights in certain circumstances under EEA data protection law to require us to :

    • Idelete any personal information that we no longer have a lawful ground to use;
    • where processing is based on consent, to withdraw your consent so that we stop that particular processing ;
    • to ask us to transmit the personal information you have provided to us and we still hold about you to a third party electronically;
    • object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
    • restrict how we use your personal information (e.g. whilst a complaint is being investigated).

    Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.

    If you are not satisfied with our use of your personal information or our response to any exercise of these rights you have the right to complain to the data protection regulator in the jurisdiction in which you are based – a list of EEA data protection regulators and their contact details can be found at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

Appendix 3 – Hong Kong

This Hong Kong Appendix applies if you are based in the Hong Kong during your interaction with us.

  1. children’s personal information

    In Hong Kong, children are generally referred as those aged under 18.

  2. Direct marketing

    We may use your name, contact details, location information, information about your use of our digital services (including your preferences, transaction pattern and behaviour) to send you marketing relating to our own, other WarnerMedia Entities and/or third party products and services in the following categories: gaming products, digital media services, events and entertainment services.

    We may also provide your personal information to other WarnerMedia Entities, so that they can send you marketing information in relation to the above products and services

    You consent is required to use or transfer your personal information to the parties above for direct marketing purpose.

Appendix 4 – India

This India Appendix applies if you are based in India during your interaction with us:

  1. children’s personal information

    children shall mean users under the age of 18.

  2. Export outside India

    In respect of personal information collected in, or transferred from India, we will not transfer or disclose any information to any other organisation, including other WarnerMedia Entities and other third parties with whom we conduct business with, who do not maintain the same security standards that are adhered to by us for the protection of your personal information, although such third parties may operate in jurisdictions which may not offer the same level of protection as the jurisdiction in which you are located.

  3. Retention period

    We will ensure that we will not retain personal information for longer than is reasonably required for the purposes for which the personal information may lawfully be used or is otherwise required under any applicable laws and shall procure that the third parties and agents employed by us for the purposes set out in this privacy policy shall not retain personal information for longer than is reasonably required for such purposes.

  4. Security Measures

    All of the personal information we collect is protected against unauthorized access by the adoption of security practices involving measures including, but not limited to [password protection, limitation of access to specified personnel on a need to know basis, encryption and other physical security measures.] We have also adopted information security protocols containing managerial, technical, operational and physical security control measures to protect personal information from misuse and unauthorized access which are commensurate with the information assets being protected and with the nature of business.

  5. Your Rights

    AIn addition to the rights set out in Section 10 of the privacy policy, you may also (i) withdraw any consent (including consent provided by parents in case of children) previously provided to us for processing your personal information, or (ii) request for deletion of records. by contacting our Data Protection Officer (also known as the Grievance Officer) according to Section 12 of the privacy policy. Where consent is required to process your personal information, if you do not consent to the processing or if you withdraw your consent we may not be able to deliver the digital services or other services.

    Users do not have the right to retrospectively withdraw consent or request for deletion of records required for statutory purposes but can withdraw consent to any further processing of his/her or his/her children’s personal information from the point such withdrawal of consent is communicated to us.

Appendix 5 – Indonesia

This India Appendix applies if you are based in India during your interaction with us:

  1. children’s personal information

    In Indonesia, we treat users aged under 21 as children.

Appendix 6 – Japan

This Japan Appendix applies if you are based in Japan during your interaction with us.

  1. children’s personal information

    In Japan, minors are generally referred as those aged under 18. However for the purpose of processing personal information, we treat users aged under 16 as children.

Appendix 7 – Malaysia

This India Appendix applies if you are based in India during your interaction with us:

  1. children’s personal information

    In Malaysia, children under the Personal Data Protection Act 2010 (“PDPA”) are persons under the age of 18 years.

  2. Direct marketing

    We may use your personal information to send you marketing relating to our own, other WarnerMedia Entities and/or third party products and services.

    We may provide your personal information to other WarnerMedia Entities, so that they can send you marketing information in relation to any of their products and services.

    Your consent is required to use or disclose your personal information for the direct marketing purpose above.

  3. Your rights

    In addition to the rights set out in Section 10 of the privacy policy, you have the rights under the PDPA to require us to limit the processing of your personal information including personal information relating to other persons who may be identified from that personal information.

  4. How can you contact us?

    f you have any questions about our privacy practices or the personal information we hold about you, please contact the Data Protection Officer according to Section 12 of the privacy policy. You can also contact the Data Protection Officer via [insert phone number].

  5. Data user

    “Data controller” under the PDPA is known as a “data user”. Therefore, all references to “data controller” under the privacy policy relates to a data user.

Appendix 8 – New Zealand

This New Zealand Appendix applies if you are based in New Zealand during your interaction with us..

  1. children’s personal information

    In New Zealand, children are generally referred as those aged under 18.

Appendix 9 – Philippines

This Philippines Appendix applies if you are based in the Philippines during your interaction with us.

  1. children’s personal information

    In the Philippines, children are persons under 18 years of age.

  2. Your Rights

    The Data Privacy Act of 2012 requires us to inform you about the existence of your rights as a data subject in case your personal information is collected, entered into our system or shared. In addition to the rights set out in Section 10, you have the following rights:

    • Right to be informed. You have a right to be informed whether your personal information shall be, are being, or have been processed, including the existence of automated decision-making and profiling.
    • Right to object. You have the right to object to the processing of your personal information, including processing for direct marketing, automated processing or profiling.
    • Right to erasure or blocking. You have the right to suspend, withdraw or order the blocking, removal or destruction of your personal information from our system.
    • Right to damages. You shall be indemnified for any damages sustained due to such inaccurate, incomplete, outdated, false, unlawfully obtained or unauthorized use of personal information, taking into account any violation of your rights and freedoms as data subject.
    • Right to data portability. Where your personal information is processed by electronic means and in a structured and commonly used format, you shall have the right to obtain from us a copy of such personal information in an electronic or structured format that is commonly used and allows your further use.
    • Right to file a complaint before the National Privacy Commission.
  3. Data Protection Officer

    You may communicate with our Data Protection Officer according to Section 12 of the privacy policy. You may also contact the Data Protection Office via [insert telephone number]

Appendix 10 – Singapore

This Singapore Appendix applies if we collect, use or disclose your personal information in Singapore during your interaction with us.

  1. children’s personal information

    We treat individuals under the age of 13 years as a child in Singapore.

  2. Offshore transfer of personal information outside Singapore

    We will only transfer your personal information to an overseas party, where we are satisfied that adequate levels of protection are in place to protect the integrity and security of personal information and will ensure that overseas recipients of your personal information are legally bound to provide a standard of protection for your personal information comparable to the protection afforded under the Personal Data Protection Act 2012 (No. 26 of 2012).

  3. Your rights

    In addition to the rights set out in Section 10 of the privacy policy, you have the right to withdraw any consent given in respect of the collection, use or disclosure of your personal information for any purpose by giving reasonable notice to the Data Protection Officer using the contact details in the privacy policy.

Appendix 11 – South Korea

This South Korea Appendix applies if you are based in South Korea during your interaction with us.

  1. Consent to collection and use of personal information and cancellation of consent

    We collect your personal information only to the minimum extent necessary to provide our digital services. In principle, in order to collect and use your personal information, we will first provide you with the information under the applicable laws and regulations and obtain your consent.

  2. children’s personal information

    In South Korea, we treat users under the age of 14 as from children.

  3. Transfer of personal information to service providers

    The names of service providers that perform business-related functions on our behalf to support our digital services and descriptions of their functions are as follows.

    Studiofix: maintenance and operation of the websites including collection and processing all your personal information on our behalf: studiofix.co.kr. Any changes in service providers and/or their functions will be posted on our digital services.

  4. Transfer of personal information due to change of control

    If we transfer your personal information to any third party due to merger, acquisition or sale, or as part of a bankruptcy proceeding, of our business, we will give you advance notice of the transfer by disclosing the following information on our digital services or through e-mail or other reasonable means:

    1. the fact that we will transfer your personal information;
    2. the name, address, telephone number and other contact information of the third party recipient of your personal information; and
    3. if you do not wish us to transfer your personal information, the means and steps available to you to cancel your consent.
  5. Sharing of personal information with other third parties

    We share your personal information with other third parties as described below.

    1. MGAME Corp. [Company website: http://www.mgamecorp.com/main.mgame; ‘Ghost Online’ website: http://hon.mgame.com/?mainMX=hon]
      • to provide channelling services in connection with the online game known as ‘Ghost Online’
      • national ID, date of birth, full name and gender
      • for so long as the data subject is an active registered account holder of ‘Ghost Online’
    2. Smilegate Megaport Inc. [Company website: http://www.smilegatemegaport.com/; ‘TalesRunner’ website: http://tr.hangame.com/index.asp]
      • to provide channelling services in connection with the online game known as ‘TalesRunner’
      • national ID, date of birth, full name and gender
      • for so long as the data subject is an active registered account holder of ‘TalesRunner’
    3. Cosmos Entertainment Inc. [Company website: https://company.cosmosenter.com/; ‘Z9 Star’ website: https://www.z9star.co.kr/]
      • to provide channelling services in connection with the online game known as ‘Z9 Star’
      • national ID, date of birth, full name and gender, nickname and connecting information
      • for so long as the data subject is an active registered account holder of ‘Z9 Star’.

  6. Export outside South Korea

    We may transfer your personal information outside South Korea as described below.

    1. [CATEGORIES OF TRANSFERRED PERSONAL INFORMATION]
    2. [JURISDICTION OF LOCATION OF OVERSEAS RECIPIENT, TRANSFER TIME AND TRANSFER METHOD]
    3. [NAME OF OVERSEAS RECIPIENT (FOR LEGAL ENTITY, NAME OF ENTITY AND CONTACT INFORMATION OF DATA PROTECTION OFFICER]
    4. [PURPOSE OF USE AND RETENTION AND USE PERIOD OF OVERSEAS RECIPIENT]

  7. Retention period

    If the stated retention period for personal information expires, if personal information is no longer necessary for the purposes described in this privacy policy or if you cancel your consent, we will promptly and permanently delete or destroy your personal information through means that will not allow data recovery, subject to exemptions under applicable law. More specifically, the following categories of your personal information will be retained by us for the duration of the periods specified below. In such case, we will use your personal information only for the purpose of retaining such personal information. The retention periods are as follows.

    Retention under Applicable Laws and Regulations:
    • Records on Contracts or Cancellation of Orders
      Purpose: Law on Protection of Consumers in E-Commerce
      Period: 5 years
    • Records on Payment and Goods and Services
      Purpose: Law on Protection of Consumers in E-Commerce
      Period: 5 years
    • Records on Electronic Financial Transactions
      Purpose:Purpose: Electronic Financial Transactions Law
      Period: 5 years
    • Records on Consumer Disputes and Resolution
      Purpose: Law on Protection of Consumers in E-Commerce
      Period: 3 years
    • Records of Website Visits
      Purpose: Communications Secrets Law
      Period: 3 months
    Retention under Applicable Laws and Regulations:

    In principle, we will promptly destroy your personal information in our possession once we achieve the purpose of collection and use of your personal information. The process and means of destroying your personal information are as follows.
    • Procedure

      Your personal information will be transferred to a separate database (or separate document file for paper documents) and destroyed after storage for a certain period pursuant to our internal policy or applicable laws and regulations (please refer to the retention and use period above). Such personal information will not be used for any purpose other than the purpose permitted under the applicable laws and regulations.

    • Method

      The personal information that has been printed on paper will be shredded through the use of document shredder or incinerated. The personal information stored in electronic file format will be deleted by using technical means that will not allow data recovery.


  8. Data protection [officer][department]

    Name: [*]
    Telephone: [*]
    E-Mail: [*]

Appendix 12 – Taiwan

This Taiwan Appendix applies if you are based in Taiwan during your interaction with us.

  1. children’s personal information

    In Taiwan, children are generally referred as those aged under 20.

  2. Direct marketing

    We may use your name, contact details, location information, information about your use of our digital services (including your preferences, transaction pattern and behaviour) for direct marketing purposes, including sending you marketing relating to our own, other WarnerMedia Entities and/or third party products and services and providing your personal information to other WarnerMedia Entities and/or third parties, so that they can send you marketing information in relation to their products and services.

    Your separate consent is required to use or transfer your personal information to the parties above for direct marketing purpose. You can withdraw your consent at any time.

    If you do not consent to provide your personal information for direct marketing purposes, you will not receive marketing information in relation to our own, other WarnerMedia Entities and/or third party products and services.

  3. Your Rights

    In addition to the rights set out in Section 10 of the privacy policy, you may have the rights in certain circumstances under Taiwan’s Personal Data Protection Act to require us to:
    • provide a copy of your personal information;
    • cease the collection, processing or use of your personal information; and
    • delete any personal information.

    If you are not satisfied with our use of your personal information or our response to any exercise of these rights, please contact the Data Protection Officer according to Section 12 of the privacy policy.

Appendix 13 – United States of America

This United States Appendix applies if you are based in the United States during your interaction with us.

  1. children’s personal information

    On most digital services, we do not knowingly collect information from children. On some digital services, we may ask the user to provide us with the user's age information. If the person indicates that he or she is under 13 years old, as permitted by law we will (i) collect no or limited personal information (e.g. persistent identifier and/or email address only) from that individual, (ii) inform the child that a parent's verifiable consent is required, and/or (iii) collect the email address of the user's parent in addition to the user's email address. We use the parent's email address to seek the parent's verifiable consent or notify the parent of his/her child's online activities and enable the parent to unsubscribe his/her child from a newsletter or other similar activity. Once a parent provides consent, we may use any information from the child consistent with the rest of this privacy policy and/or the terms of the consent provided by the parent. If a user is under 13, we will not condition his/her participation in an online activity on the disclosure of more personal information than is reasonably necessary to participate in the activity. If you would like to review any personal information that we have collected online from your child, have this personal information deleted from our active servers, and/or request that there be no further collection or use of your child's personal information, or if you have questions about these information practices, you may contact us at WMPrivacy@warnermediagroup.com, or at WarnerMedia Privacy Office, 4000 Warner Blvd., Bldg. 160, Burbank, CA 91522.

  2. Do-Not-Track Signal

    We do not currently take actions to respond to Do-Not-Track signals and similar signals because a uniform technological standard has not yet been developed. We continue to review new technologies and may adopt a standard once one is created.

  3. Nevada

    We don't sell personal information as defined by Nevada law.

  4. California Privacy Rights and Disclosures

    This California Privacy Rights and Disclosure section addresses legal obligations and rights laid out in the California Consumer Privacy Act, or CCPA. These obligations and rights apply to businesses doing business in California and to California residents and information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with California consumers or households (“California Information”).

    California Information We Collected

    In the year before the date this privacy policy was issued, on some digital services we may have collected the following categories of California Information:
    • Address and other identifiers – such as name, postal address, zip code, email address, account name, social security number, driver’s license number, payment card numbers, passport number, or other similar identifiers
    • Unique and online identifiers – such as IP address, device IDs, or other similar identifiers
    • Characteristics of protected classifications – such as race, ethnicity, or sexual orientation
    • Commercial information – such as products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
    • Internet, gaming or other electronic network activity information – such as browsing history, search history and information regarding an individual’s interaction with an internet website, application, or advertisement
    • Professional or educational Information
    • Video footage (e.g., CCTV); Audio recordings; Photographs; Calendar information
    • Location information – (e.g. if you access our digital services on your mobile device we may collect Information about your device’s precise location.)
    • In game or online viewing activities (e.g., videos viewed, pages viewed)
    • Inferences drawn from California Information, such as individual profiles, preferences, characteristics, behaviors.


    We may have collected these categories of California Information for the following purposes:
    • Performing services on behalf of the business, such as customer service, processing or fulfilling orders, providing content recommendations, and processing payments
    • Auditing customer transactions
    • Fraud and crime prevention
    • Debugging errors in systems
    • Marketing and advertising
    • Professional or educational Information
    • Internal research, analytics and development – e.g., user-preference analytics
    • Developing, maintaining, provisioning or upgrading networks, products, services, or devices.


    We may have obtained California Information from a variety of sources, including:
    • Directly from you, including technical and usage information when you use our digital services
    • Linked sites, such as third-party platform
    • WarnerMedia Group or AT&T affiliates
    • Our joint-ventures and promotional and strategic partners
    • Information suppliers
    • Distributors and other vendors
    • Marketing mailing lists
    • Other users submitting California Information about you, such as to invite you to participate in an offering, make recommendations, or share content
    • Publicly available sources.


    California Information We Shared:

    In the year before the date this privacy policy was issued, for some digital services we may have shared these categories of California Information for operational purposes with service providers, like processing your bill:
    • Address and other identifiers – such as name, postal address, email address, account name, or other similar identifiers
    • Unique and online identifiers – IP address, device IDs, or other similar identifiers
    • Commercial information – such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
    • Internet, gaming or other electronic network activity information – such as browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement
    • Professional or educational Information
    • Biometric information
    • Video footage (e.g., CCTV); Audio recordings; Photographs; Calendar information
    • Location information – (e.g. if you access our digital services on your mobile device we may collect Information about your device’s precise location.)
    • In game or online viewing activities (e.g., videos viewed, pages viewed)
    • Inferences drawn from California Information, such as individual preferences, characteristics, behaviors.


    The California Consumer Privacy Act defines ‘sale’ very broadly. It includes the sharing of California Information in exchange for anything of value. According to this broad definition, in the year before the date this privacy policy was issued, on some digital services we may have sold the following categories of California Information:
    • Address and other identifiers – such as name, postal address, email address, account nameor other similar identifiers
    • Unique and online identifiers – IP address, device IDs, or other similar identifiers
    • Commercial information – such as records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies
    • Internet, gaming or other electronic network activity information – such as browsing history, search history, and information regarding an individual’s interaction with an internet website, application, or advertisement
    • Location information - (e.g. if you access our digital services on your mobile device we may collect Information about your device’s precise location.)
    • Inferences drawn from California Information, such as individual profiles, preferences, characteristics, behaviors.


    Your California Privacy Rights to Request Disclosure of Information We Collect and Share About You

    If you are a California resident, the CCPA grants you the right to request certain information about our practices with respect to California Information. In particular, you can request the following:
    • The categories and specific pieces of your California Information that we’ve collected
    • The categories of sources from which we collected California Information
    • The business or commercial purposes for which we collected or sold California Information
    • The categories of third parties with which we shared California Information.


    You can submit a request to us for the following additional information:
    • The categories of third parties to which we’ve sold California Information, and the category or categories of California Information sold to each.
    • The categories of California Information that we’ve shared with service providers, like processing your bill.


    To exercise your CCPA rights with respect to this information, either visit here or contact us toll free at 833-WM-PRVCY (833-967-7829) or TTY: 833-PRVCY-TT (833-778-2988). These requests for disclosure are generally free.

    In addition to the CCPA, if you are a California resident, California Civil Code Section 1798.83 permits you to request information about our practices related to the disclosure of your personal information by certain members of WarnerMedia Group to certain third parties for their direct marketing purposes. You may be able to opt-out of our sharing of your personal information with unaffiliated third parties for the third parties’ direct marketing purposes in certain circumstances. Please send your request (along with your full name, email address, postal address, and the subject line labeled “Your California Privacy Rights”) by email at WMPrivacy@warnermediagroup.com.

    Your Right to Request The Deletion of California Information

    Upon your request, we will delete the California Information we have collected about you, except for situations when that information is necessary for us to: provide you with a product or service that you requested; perform a contract we entered into with you; maintain the functionality or security of our systems; comply with or exercise rights provided by the law; or use the information internally in ways that are compatible with the context in which you provided the information to us, or that are reasonably aligned with your expectations based on your relationship with us.

    To exercise your right to request the deletion of your California Information, either visit here or contact us toll free at 833-WM-PRVCY (833-967-7829) or TTY: 833-PRVCY-TT (833-778-2988). These requests are generally free.

    Your Right to Ask Us Not To Sell Your California Information

    You can always tell us not to sell your California Information by visiting here.

    Once we receive and process your request, we will not sell your California Information unless you later allow us to do so.

    Our Support for the Exercise of Your Data Rights

    We are committed to providing you control over your California Information. If you exercise any of these rights explained in this section of the privacy policy, we will not disadvantage you. You will not be denied or charged different prices or rates for goods or services or provided a different level or quality of goods or services.

    Consumers Under 16 Years Old

    CCPA has specific rules regarding the use of California Information from consumers under 16 years of age. In particular, consistent with the CCPA, if we knowingly collect the California Information of a consumer under the age of 16, we will not sell the information unless we receive affirmative permission to do so. If the consumer is between the ages of 13 and 16 years of age, the consumer may provide that permission; if the consumer is under the age of 13, the consumer’s parent must provide the permission.

    If you would like further information on how we handle California Information from consumers under the age of 16 years of age, or if you have questions about these information practices, you may contact us here [wmprivacy@warnermediagroup.com], or at WarnerMedia Privacy Office, 4000 Warner Blvd., Bldg. 160, Burbank, CA 91522.

Appendix 14 – Vietnam

This Vietnam Appendix applies if you are based in the Vietnam during your interaction with us.

  1. Legal bases for processing personal information

    Vietnam’s data protection laws allow data controllers to process personal information only when the processing is permitted by specific “legal bases” set out in law. In complying with our obligations under Vietnam’s data protection law, we are required to identify the “legal bases” on which we rely to do processing of personal information that means the performance of one or some operations of collecting, editing, utilizing, storing, providing, sharing or spreading personal information in cyberspace for commercial purpose.

    In Table 1 below, we have linked each purpose mentioned in Section 5 of this privacy policy to the relevant “legal bases”. For more details on each of the “legal bases”, please see Table 2.

    Table 1:
    Purpose of data processing Legal bases
    -contract performance
    -legitimate interests (to allow us to perform our obligations and provide online services to you, including pricing and calculating charges for use of digital services)
    -consent (which can be withdrawn at any time), except for personal information that has been publicized on E-commerce websites
    -consent (which can be withdrawn at any time), except for personal information that has been publicized on E-commerce websites
    -consent (which can be withdrawn at any time), except for personal information that has been publicized on E-commerce websites
    -contract performance
    -legal obligation
    -legitimate interests (to allow us to correspond with you in connection with our services)
    -consent (which can be withdrawn at any time), except for personal information that has been publicized on E-commerce websites
    -legal obligation
    -legitimate interests (to cooperate with law enforcement and regulatory authorities where the competent State administrative authority so requests in accordance with law)
    For legal purposes -contract performance
    -legal obligation (including implementing written mutual agreements with service providers regarding the provision of personal information) -legitimate interests (to allow us to guard against fraud and other illegal activity)
    To re-organise or make changes to our business -consent (which can be withdrawn at any time), except for personal information that has been publicized on E-commerce websites
    -consent (which can be withdrawn at any time), except for personal information that has been publicized on E-commerce websites


    Table 2:

    These are the principal legal bases that justify our processing of your personal information:
    Consent: we may ask for your consent to process your information at the time you provide this information to us. Where we rely on this basis, you have the right to withdraw your consent at any time by contacting us according to Section 12 of the privacy policy). If you withdraw your consent, we may be unable to provide a service that requires the use of such information.
    Contract performance: where your information is necessary to enter into or perform our contract with you.
    Legal obligation: where we need to use your information to comply with our legal obligations such as those relating to fraud, anti-bribery and corruption and anti-money-laundering, complying with requests from government bodies or courts, or responding to litigation.
    Legitimate interests: where we use your information to achieve a legitimate interest, i.e. to allow us to perform our obligations and provide online services to you.

  2. Export outside Vietnam

    From time to time we may need to allow our staff or service providers, who may be located outside Vietnam, access to your personal information. We may also make other disclosures of your personal information overseas, for example if we receive a legal or regulatory request from a foreign law enforcement body.

    We will always take appropriate steps to ensure that any international transfer of personal information is carefully managed to protect your rights and interests.

    We will only transfer your personal information to jurisdictions or oversea entities which are agreed in your given consent to us.

  3. Retention period

    We will retain your personal information for as long as is reasonably necessary for the purposes listed in Section 5 of the privacy policy. We may delete or de-identify your personal information sooner if we receive a verifiable deletion request, subject to exemptions under applicable law. We may retain your personal information for longer periods of time in circumstances where we are required to do so in accordance with applicable laws and regulations or an authorized authority’s decision.

  4. Your rights

    In addition to the rights set out in Section 10 of the privacy policy, you may have the rights in certain circumstances under the laws of Vietnam to require us to stop providing your personal information to a third party.

    Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege) or technical reasons. If you exercise any of these rights we will check your entitlement and respond in most cases in timely manner.

Brought to you by:
In partnership with: