Privacy Policy

CCP ehf. (hereinafter referred to as “CCP”, “we,” “our,” “us”) recognizes that you care how your personal data is collected and used. CCP has created this Privacy Policy to inform you of our practices regarding collection, use, and sharing of personal data. Please read the following carefully to understand our views and practices regarding your personal data and how it will be treated.

This Privacy Policy describes the different ways we may collect, use and share information on, through or in connection with our Services. We use the term Services to describe our products and services, including, for example:

Your use of Services can also be subject to any applicable Terms of Service, including but not limited to the relevant End User License Agreement (“EULA”). This privacy policy forms part of our Terms of Service.

This Privacy Policy also applies to individuals other than our customers, employees and job applicants, including our contact points with vendors and other third parties which we do business with (“business partners”) and guests at the CCP headquarters in Reykjavik, Iceland (“CCP Headquarters”) (collectively, referred to as “business contacts”).

For the purpose of any applicable data protection and privacy legislation, the data controller is CCP ehf. of Bjargargata 1, 102 Reykjavík, Iceland.

We have appointed a Data Protection Team and a Data Protection Officer to oversee compliance with this Privacy Policy. The Data Protection Team may be contacted at and the Data Protection Officer can be contacted at

This Privacy Policy will be published in English but may be translated into additional languages for convenience of the reader. If this Privacy Policy is published in any language other than English, the English language version will be the governing agreement and shall control interpretation of all matters discussed below.

This Privacy Policy is based on the General Data Protection Regulation 2016/679 (“GDPR”) and Icelandic data protection legislation (collectively referred to as “European Data Protection Legislation”), as CCP is established in Iceland.

Processing Of Personal Data Of Customers

A. What personal data do we collect and why?

We collect personal data from the users of our Services. What personal data is collected about you depends on your use of our Services.


When you use our Websites, we gather information about your computer, including the following personal data:

  • IP address;
  • operating system; and
  • browser type.

We also collect information regarding customer traffic patterns and Website usage, which may be stored with an IP address, including details of:

  • transactions you carry out through our Websites;
  • fulfilment of your orders;
  • your visits to our Websites, such as location data, traffic, weblogs, referring web addresses and resources you access, including pages visited and search terms entered.

Please read our Cookie Policy to learn more about how we use cookies and web analytics. You can find our Cookie Policy at

We also collect information you voluntarily provide when you sign up to receive news and other announcements from us.

Accounts And Purchasing

Depending on the Services, you may be asked to provide the following personal data when you create an account to access our Services or otherwise purchase Services from CCP or our business partners:

  • name;
  • age;
  • valid email address;
  • phone number;
  • payment method; and
  • other information necessary to confirm ownership of account, such as a credit card number.

During the registration process you may are also be asked to select a password, login name and a character name. We also store your transaction data and subscription status.

If you do not provide the above listed data, we may not be able to provide you with the requested products or services, although some of our Services may be accessible via Guest Account, with no registration required. We may also ask you for personal data when you enter a competition or promotion sponsored by us, or our business partners, or when you report a problem with our Services.

When account creation and purchasing relating to our Games takes place via our third-party business partners, such as PlayStation®, Steam, Google, Apple and Meta, we receive the account and purchasing data from those third parties.


Depending on the Services, we may collect the following personal data relating to your player account:

  • first and last name, profile name or other identification;
  • email address;
  • age and date of birth;
  • country of residence;
  • preferences and settings, including communication or content restrictions and parental control settings;
  • language selection;
  • activity of an account;
  • transactions carried out through using stored tokens;
  • friends and block lists, where applicable; and
  • any other information you voluntarily provide in relation to your player’s account.

We may also collect your gameplay information, meaning any information relating to your play or use of a Game, including your:

  • gameplay statistics;
  • in-game transaction history and trends;
  • history of technical issues and support usage; and
  • history of contributed and received user content, such as messages in chat rooms, on bulletin boards and other user-to-user areas.

We may collect technical information about your computer, device, hardware or software in order to be able to provide you with the Services, to monitor compliance with the Terms of Service and for the purposes of fraud-prevention, including your:

  • Ip address;
  • operating system;
  • browser type;
  • CPU/processor;
  • memory;
  • graphics card;
  • network adapter;
  • MAC address; and
  • local/regional settings.

We may also use your IP address to monitor your compliance with the Terms of Service, including to connect your different accounts.

For the purposes of monitoring compliance with the applicable Terms of Service, we also keep a description of your breaches of the Terms of Service. This may include information on inappropriate and/or restricted conduct, complaints involving your actions from other players, whether you have been banned from specific Games, whether your account/s has/have been suspended or the EULA terminated and for what reason. In limited cases we may also process data regarding your conduct outside the Games where such data is relevant to the respective breach of the Terms of Service.

When using our mobile games, such as EVE Galaxy Conquest™, we process your location data in order to optimize our server load, but only if you consent to such processing of your location data.

As a general rule we collect personal data from you both directly and indirectly, such as from your activity on our Websites and in our Games. We may however collect personal data about you from third parties through Web Analytics, as further described in our Cookie Policy at In relation to refunds or ownership verification we may also request your credit card information from our payment service provider. The same can apply if we need to verify that an account has been hacked. In case we receive a complaint about your activities in the Games, such data is usually received from other players.

Customer Support & Quality Assurance

We use the following personal data when providing support to our customers:

  • IP addresses;
  • in-game activity;
  • player’s communication with CCP and with each other; and
  • other data voluntarily submitted by the data subject or another customer.

We assure the quality of our Services by testing the Games and carrying out bug reporting, during which we may also process the following data, in addition to the above:

  • hardware information; and
  • player account data.

Volunteer Program

When applying to become a volunteer in the EVE Online® volunteer program you are required to provide the following personal data:

  • name and contact data;
  • professional experience; and
  • relevant skills and qualities.

We also ask you to answer questions regarding your use of EVE Online® as well as other questions which are necessary for us to choose the right candidates for the volunteer program. If you do not provide the above data, we may not be able to consider you for a position in the volunteer program. Volunteers at a Lead or Senior Lead level have access to the questionnaire data of players who apply to the EVE Online® volunteer program.

The following information is processed on successful candidates who become a part of the volunteer program:

  • scan of ID;
  • credits received for use in game; and
  • registry of support activities undertaken by the volunteer.

Our processing of personal data of applicants for the volunteer program is necessary to take steps prior to entering into a contract regarding volunteer services, while the processing of personal data of our volunteers is necessary for the performance of such a contract.

B. How do we use your data and on what ground?

To Contact You

We may use your personal data to contact you. For example, we may send you e-mail messages under the following circumstances:

  • to respond to an inquiry or request for information;
  • to welcome you to our Services;
  • to send you news and announcements, for example about projects in development;
  • to communicate with you regarding your use of the Services; and
  • to notify you about changes to our Services.

It may be necessary for us to contact you for the performance of our Services, but also for the purposes of our legitimate interests of maintaining our business relationship.

To Provide Services

When you create an account or otherwise use Services from CCP we use the personal data provided to verify your identity and age and to provide services and carry out our obligations arising from any contract between you and CCP. The same applies to the personal data provided in relation to your player account.

The processing of players’ gameplay information is necessary for us to perform our contract with players of the respective Games. The information may also be necessary for maintaining, operating, developing, administrating and supporting our Services, for example through Customer Support and Quality Assurance.

Moreover, the processing of gameplay information furthers CCP’s legitimate interests of reviewing, researching and developing our Services.

Our processing of personal data of applicants for the volunteer program is necessary to take steps prior to entering into a contract regarding volunteer services, while the processing of personal data of our volunteers is necessary for the performance of such a contract.

To Ensure Compliance With The Terms Of Service

The monitoring of your Game hardware, as described herein, furthers CCP’s legitimate interest of monitoring whether unauthorized software is being used in contravention of the applicable Terms of Service.

Processing of complaints from other players and information regarding breaches of the applicable Terms of Service is also based on CCP’s legitimate interests to ensure the compliance of all players with these Terms of Service.

For Marketing Purposes

We may use your personal data for marketing purposes, based on our legitimate interest. For example, we may use your e-mail address to send you messages about new offerings and features of CCP and to market and offer CCP’s products and services which we think you might be interested in, based on your actions and activity in our Games. We may also use your e-mail address to enable us to display personalized ads to you via social media sites.

You can always opt-out of receiving marketing messages from us by contacting the Data Protection Team and/or clicking the unsubscribe link in e-mails you receive from us.

We may also ask for your consent to send you marketing for the products and services of our business partners. When the collection and processing of your personal data is based on your consent, you can always withdraw the consent. All communications relating to such withdrawal shall be directed to our Data Protection Team.

To Manage Playtests

When you participate in an alpha, beta, or early access test (collectively “Playtests”) we may use the information you provide during the sign-up process, as well as your gameplay information and any feedback you may provide, in order to manage the playtest. The processing of data may vary, depending on the type of test you participate in.

C. To whom is your personal data disclosed?

Disclosure To CCP Companies

As the CCP corporate group works closely together to create cutting edge games, we may share your personal data with our subsidiary companies and our parent company for the purpose of improving and developing our Services. These companies are:

  • CCP Games UK Limited, United Kingdom;
  • CCP Information Technology (Shanghai) Co. Limited, People’s Republic of China; and
  • Pearl Abyss Corporation, Republic of Korea.

Disclosure To Third Parties

CCP may disclose your personal data to third party contractors, consultants and suppliers in relation to their work for us. Personal data may for example be disclosed to external parties which provide us with IT services and third parties which assist us in administering, operating, maintaining and supporting the Services, based on our legitimate interests of outsourcing such services. We ensure that these third parties process your personal data in accordance with this Privacy Policy based on a specific data processing agreement.

In the event you make a payment on our Websites through a payment service provider, we may transfer your contact details, that is name, address and e-mail address, to the applicable payment service provider, where it is necessary for the execution of payment.

We may also transfer hashed e-mail addresses of our players and account holders to third party platforms, which enables us to display personalized ads to persons on our e-mail list. This transfer is based on our legitimate marketing interests.

You can always opt-out of the transfer of your e-mail address to third parties by contacting the Data Protection Team.

CCP may disclose your personal data to law enforcement or other government officials, as CCP, in its sole discretion, deems necessary or appropriate to investigate or resolve possible crimes or to respond to judicial, regulatory, agency or similar inquiries. Disclosure may also be necessary in emergency situations and to ensure the rights and safety of customers, CCP staff or third parties.

If the ownership or control of all or part of our Services changes, we may transfer your personal data to the new owner.

Aggregated Information

We may collect aggregated demographic information about our users, such as age, interests, etc. We may share certain aggregated demographic information with our business partners regarding the users of the Services. The aggregated information that we provide is not directly linked to you or any other identifiable person and is therefore not considered personal data.

International Transfer Of Data

The data we collect from you may be transferred to, stored and processed by CCP companies at one or more destinations both inside and outside the European Economic Area (“EEA”), including the Republic of Korea and the People’s Republic of China for any purposes set out in this Privacy Policy.

Our contractors, consultants and suppliers may also be located outside the EEA.

However, we only transfer your personal data to countries outside the EEA if such transfer is permitted under the applicable privacy legislation. The transfer to CCP companies outside of the EEA is based on Standard Contractual Clauses adopted by the European Commission.

D. Information about children

We do not knowingly collect any personal data from children under 13 years of age. If you become aware that a child has provided us with personal data without necessary parental consent, please contact the Data Protection Team.

E. How long do we keep your data?

Except as otherwise permitted or required by applicable law or regulatory requirements, we are committed to retaining your personal data only for as long as it is necessary for you to use our Services or until you request to have your personal data deleted, whichever comes first.

If you request to have your personal data deleted, we will delete your personal data from your Player Account, which will render other data, such as Gaming Data, anonymous and non-traceable to you as an individual. The user generated content that you have created, such as your avatar, messages in chat rooms, on bulletin boards and other user-to-user areas may not be deleted, but you will not be associated with that content after the deletion of your Player Account personal data.

Data regarding permanent suspension of a player is kept for an unlimited period, as the player is permanently suspended from parts of our Services. In such cases, Player Account data cannot be deleted, as it is necessary for CCP to keep a record of the ban in order to prevent the player from accessing specific Services again.

We may keep your personal data for longer for research or statistical purposes. If we do, we will make sure your personal data is anonymised and non-traceable to you as a person. We may also keep your personal data for longer if required to do so for legal or regulatory reasons.

Processing Of Personal Data Of Business Contacts

A. What personal data do we collect about our business contacts and why?

We collect and maintain different types of personal data on our business contacts, depending on our relationship with them.

For business management purposes and to be able to reach our business partners easily, we process the following personal data on our business contacts:

  • contact details, including name, place of work, telephone and e-mail address; and
  • communication between the business contact and CCP.

The above personal data usually comes directly from you, or the entity you work for, i.e. our business partner. The processing of the data is based on the legitimate business interests of CCP to maintain a relationship with its business contacts as well as on CCP’s contract with its business partners where the communication is necessary for the performance of that contract.

When you visit the CCP Headquarters we may ask you to sign into our visitor management system, where you are asked to provide the following information:

  • contact details, including name, place of work and e-mail address;
  • photograph; and
  • who you are meeting with.

You will also be asked to sign a confidentiality and non-disclosure agreement regarding any proprietary information you may become aware of during your visit.

The reason we ask you for the above personal data is for us to maintain a safe work environment at the CCP headquarters, for both our employees and guests, by being able to identify our guests at any given time.

At the CCP Headquarters, we also use video surveillance, which may record your presence during your visit.

Our processing of personal data via the visitor management and video surveillance systems are based on our legitimate interests of maintaining a safe work environment, as well as safeguarding networks, devices and other property of CCP.

B. To whom is the personal data of business contacts disclosed?

We may share your personal data with contractors, consultants and other third parties who require such data to assist us with managing our relationship with you. Third parties who provide us with information technology and data processing services may also have access to your data, as necessary.

These third parties may be established outside the EEA. However, we only transfer your personal data to countries outside the EEA if such transfer is permitted under applicable privacy legislation.

Your personal data may also be disclosed to third parties as permitted or required by applicable law.

Moreover, your personal data may be disclosed to third parties due to regulatory requirements or in order to comply with valid legal processes such as search warrants, subpoenas or court orders. In addition, personal data may be disclosed or transferred to a third party in the event of a change in ownership of CCP.

C. For how long does CCP keep data of business contacts?

We keep the contact data of our business contacts for four (4) years after the end of our contract with a business partner. If data relating to our business contact falls under book-keeping laws, such data is kept for seven (7) years, in accordance with Icelandic book-keeping laws.

We keep personal data collected via our visitor management system data, and the confidentiality and non-disclosure agreements signed in that system, for as long as we deem necessary based on the nature of our relationship with you.

How Is Your Data Protected?

We take precautions to protect your personal data from loss, unauthorized access, copying, use, modification or disclosure.

CCP’s security measures include industry-standard technology and equipment to help protect your personal data, and we maintain security measures to allow only the appropriate personnel and third parties access to your personal data.

Where we have given you (or where you have chosen) a password that enables you to use/access the Services, you are solely responsible for keeping this password confidential. We ask that you not share your password with anyone.

How Can You Exercise Your Rights Provided Under Data Protection Legislation?

CCP is committed to ensuring your rights under the European Data Protection Legislation.

Customers can view and rectify some elements of their personal data on their online account system, or request that our Data Protection Team rectify their data. Should business contacts require the rectification of their data, a request should be submitted to the Data Protection Team.

You have the right to access the personal data CCP has collected about you and to be informed about the purpose of its collection. You may also be entitled to a copy of the personal data undergoing processing. Furthermore, you may under certain circumstances and where technically feasible, have the right to request us to transfer your personal data to a third party.

You may also have the right to request us to restrict the processing of your personal data, for example if you object to its processing, but prefer the data not to be erased.

If the processing of your personal data is based on CCP’s legitimate interests, you have the right to object to the processing, following which we must stop the processing unless we demonstrate a compelling legitimate ground for the processing which override your interests.

In certain instances, you have the right to have your personal data erased, such as where the data is no longer necessary in relation to the purpose for which they were collected or otherwise processed, or if you withdraw your consent for the processing of your personal data.

Your rights to access, erasure, restriction and portability of data are however not absolute. In those instances where we cannot accept your request, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

Please refer all requests concerning your rights to our Data Protection Team, contactable via In general, we keep requests from data subjects for a year from their receipt. Disputed requests may however be kept for longer, if deemed necessary.

Change Of Control

If CCP experiences a “Change of Control” (defined below), then we may amend our privacy practices as described in this Privacy Policy. We will disclose your personal data to the company or other legal entity that succeeds our operation of the Services. The privacy policy of the succeeding legal entity will then govern the personal data that we have collected from you under this Privacy Policy. However, if applicable law prohibits the succeeding legal entity’s privacy policy from governing your personal data, then this Privacy Policy shall continue to govern. “Change of Control” means any of the following events:

  • a reorganization, merger, consolidation, acquisition or other restructuring involving all or substantially all of our voting securities and/or assets, by operation of law or otherwise;
  • insolvency;
  • a general assignment for the benefit of creditors;
  • appointment of a receiver for our business or assets;
  • we become subject to any bankruptcy or insolvency proceedings, whether domestic or foreign; or
  • our liquidation, voluntarily or otherwise.

Links To Other Websites

The Websites may contain links to other websites. We are not responsible for and shall not have any liability arising from the privacy practices or the content of other websites.

Questions About This Privacy Policy

If you have any questions about this Privacy Policy or how we manage your personal data, please contact our Data Protection Team at or our Data Protection Officer at

We can also be contacted at the following address:

Bjargargata 1
102 Reykjavik

If you are unsatisfied with our response, you are entitled to make a written submission to the respective data protection authorities, including the Icelandic Data Protection Authority (

Revisions To This Privacy Policy

CCP may make changes to this Privacy Policy to reflect changes to our legal or regulatory obligations or to the manner in which we process your personal data. Any changes to this Privacy Policy will be effective from the time they are posted on the Websites or under the applicable Terms of Services, as applicable.

Last Updated: 8 March 2024