Privacy Notice

Your privacy is important to us at Embracer Group (publ) ("Embracer” "we" or "us"). This privacy notice describes how Embracer Group, as a personal data controller according to the definition in the EU General Data Protection Regulation (GDPR) collects and processes your personal data.

Personal data controller

Embracer Group AB
Tullhusgatan 1B
SE-652 09, Karlstad
Sweden
Company registration number: 556582-6558

Please submit inquiries regarding personal data protection, privacy, and security matters using the contact information at the end of this notice.

Processing of personal data

We collect your personal data only when we have a specific purpose and a legal basis for our processing. Below, you can read more about the purposes for which we process personal data, the types of personal data we process to achieve each purpose, the legal basis for our processing and the duration for which we process the personal data.

Purpose: to send you relevant information and marketing

We will process your personal data when you create a subscription account on our website to receive communication from us.
The category of personal data processed for this purpose is your e-mail address.
When you subscribe to communication from us, we process your personal data with your consent as a legal basis.
We will process your personal data to send you relevant information and marketing for as long as you have a subscription account. You can unsubscribe from further communication through the link in each e-mail you receive from us.

Purpose: to maintain security at our website

We will process your personal data when you visit our website www.embracer.com. Our purpose with this processing is to ensure security at the website.
The category of personal data we collect when you visit our website is your IP address.
Our legal basis for the processing for this purpose is our legitimate interest in maintaining a secure website.
We process your personal data for a maximum period of 14 days after your last visit to the website.

Purpose: to respond when you contact us by e-mail

We will process any personal data included in e-mail correspondence with you when you have contacted us.
The legal basis for the processing of your personal data is our legitimate interest to respond to communication and to perform the appropriate actions to fulfil your request.
We will only process the personal data in the e-mail correspondence for as long as necessary for us to respond to your inquiry and to take the necessary actions. We may process your personal data for a longer period if it is necessary in order for us to safeguard the rights of our company or if it is necessary according to applicable law or regulation.

Purpose: to provide a whistleblowing service

If you use our whistleblowing service to report serious problems or suspicions, we will process the personal data included in your report. This might include categories of sensitive personal data, if the report contain such information.
Our legal basis for the processing of personal data included in reports to our whistleblowing service is our legal obligation to maintain such a service.
The personal data included in a report to our whistleblowing service can be processed for two years after we have concluded a follow-up case following a report. However, we will only store the information necessary for us to comply with our legal obligation to maintain documentation of our follow-up cases. Any personal data that is not necessary for the documentation of the follow-up case will be deleted.

Third parties

Service providers

We use external service providers who may process personal data on our behalf. These service providers provide services related to, for example, the website, marketing, and IT support. External service providers may have access to and process your personal data if it is necessary for their tasks, but they do so under our responsibility. All external service providers are under contract to fulfill appropriate data protection standards.

Other recipients

In the case of a merger, sale of the whole or part of the company, or acquisition of companies, your personal data may be transferred to or from the parties involved. We may also transfer your personal data to Embracer Group companies, regulators, other public authorities, and legal advisors as deemed necessary.

Links to external websites and services

Our website contains interactive links to third-party websites. These third-party providers collect data about your online activities, such as the websites you visit, the automatic transmission of your IP address, and the use of cookies. For more information about these services or how to disable these services, see the web pages for these services.

International transfers

We strive to keep your personal data stored and processed within the EU / EEA. If we need to send your personal data to a third country, we will take all necessary technical, organizational, and contractual actions to ensure an adequate level of protection for personal data transmitted. If you want to know more about our security measures for transfers of personal data, kindly contact us at [email protected].

Your rights

You have several rights when we process your personal data. You can contact us at any time concerning these and if you wish to exercise any of the rights described below. We reserve the right to take appropriate security measures to ensure that you are the person you claim to be when you contact us. If you cannot satisfactorily demonstrate your identity, we may not be able to meet your request fully.

Access to personal data

You have the right to know what personal data we process about you. If you wish to receive your personal data, you can get a compiled register extract from us that contains all the personal data we process about you.

Correction and deletion

If your personal data is incomplete or wrong, you have the right to have it corrected or supplemented. You also have the right to request that your personal data should be deleted. Please keep in mind that we may not be able to provide you with our services if you request to have your personal data deleted.

Restrictions to processing

Under certain conditions, you have the right to request that we restrict our processing of your data. This means that we mark the data so that we only process it for certain specific purposes in the future. Please keep in mind that we may not be able to provide you with our services if we restrict the processing of your personal data.

Right to data portability

In some circumstances you have the right to request that your personal data shall be transferred to another data controller in a structured, commonly used, and machine-readable format.

Right to make objections

You have the right to object to the processing of personal data that is carried out to perform a task based on the legal basis of legitimate interest.

Right to lodge a complaint

If you believe that we have not processed your personal data correctly, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection. You can read more about this on their website, www.imy.se

Right to withdraw consent

If you have given your consent to a processing, you have the right to withdraw your consent at any given time. We will immediately stop the processing upon withdrawal of your consent unless we are required by law to retain the personal data for longer.

Updates to this notice

From time to time, we update this notice to reflect any changes in how we handle your personal data. Should we make significant changes to how we process personal data that we are obliged to notify you about or ask for your consent again, we will do so.

This privacy notice was last updated on 2025-05-27.

Contact

Data Protection Officer
E-mail: [email protected]

Mail:
Embracer Group AB
Att. Data Protection Officer
Tullhusgatan 1B, SE-652 09, Karlstad, Sweden