Over the past several years, we have made it a priority to ensure that our account deletion process is completely compliant with the requirements outlined in the General Data Protection Regulation (GDPR). Specifically, we adhere to Article 5.1.e, which highlights the obligation to limit the retention period of data. By aligning our policies with both legal requirements and industry standards, we not only safeguard the privacy and security of our users’ data but also protect them from potential fraudulent activities.
Implementing an account deletion requires a highly stringent process that takes into account four crucial criteria before proceeding with the deletion:
1. Gaming Activity: We carefully evaluate the gaming activity of an account since its creation. This assessment is important as it helps us determine the level of engagement and the potential impact on the user’s experience within our platform.
2. Account Libraries: Accounts that have purchased PC games are not eligible for deletion. This limitation is in place to ensure that users retain access to their purchased content and can continue enjoying the games they have acquired.
3. Duration of Inactivity: We consider the duration of inactivity on an account, which refers to the last login to our ecosystem. This includes activity within Ubisoft games on platforms like Steam and others. Currently, we have never deleted accounts that have been inactive for less than four years, emphasizing our commitment to preserving user data in most cases.
4. Active Subscriptions: If an account has an active subscription tied to it, it is exempt from deletion. This exemption guarantees that users who have ongoing subscriptions can continue to benefit from our services without interruption.
In order to ensure transparency and provide users with opportunities to reconsider their decision before deletion becomes permanent, we have established a thorough communication process. The following steps are taken before account deletion:
1. Notification Emails: We send three consecutive emails to the user over the course of 30 days, prior to deleting their account. These emails inform the user about the impending deletion and offer them a chance to restore their account.
2. Warning and Reactivation: If a user attempts to log in during the 30-day window after being notified about the account deletion, they will receive an automatic warning. This warning includes a link that allows them to reactivate their account, providing a last-minute opportunity for reconsideration.
By following this multi-step process, we strive to avoid any unintentional deletions and provide our users with fair warning and multiple chances to retain their accounts if they wish to do so.
Our commitment to the principles of GDPR and the industry’s best practices is paramount. We understand the importance of privacy and the responsibility we hold in protecting our users’ personal information. By continuously reassessing and upgrading our account deletion process, we aim to provide our users with a secure and transparent environment that respects their choices and safeguards their data.
In conclusion, our account deletion process adheres to the strict criteria outlined above, ensuring compliance with GDPR requirements and industry standards. We are diligent in preserving user data while also offering necessary protection against fraudulent activities. Through clear communication and multiple opportunities for account restoration, we strive to maintain transparency and user satisfaction throughout the deletion process.
