Last updated: January 24, 2025
This notice describes how Electronic Arts Inc. (“EA, Inc.”) and/or one or more of its local subsidiaries as better described in Section 8 below (“EA”, “we”, “us”, “our”), processes the personal data disclosed as part of reports submitted through a confidential online reporting system operated by NAVEX on behalf of EA (the “Reporting Line”, also referred to hereinafter as the “Platform”).
The Reporting Line is made available globally by EA to individuals wishing to report concerns relating to EA’s operations, including concerns around any proven or suspected breach of EA’s legal, regulatory and/or ethical obligations and commitments (“User(s)”, “you”, “your”).
EA is a controller of the personal information that may be collected in relation to the use of the Reporting Line, as further described in Section 1 below. EA's representative in the European Union is Electronic Arts Ireland Limited and EA’s representative in the UK is Electronic Arts Ltd.
Please note that all capitalized terms used in this notice but not expressly defined shall be construed with the meaning conferred on it under applicable law.
Unless otherwise specified, we collect Personal Information about Users of the Reporting Line and other individuals identified or otherwise referred to within the report form and/or subsequent investigation processes (including persons who are the subject of the report, persons involved, consulted or heard in the gathering or processing of the report and/or facilitators and persons in contact with the issuer of the report, as the case may be) in the following manners:
Such Personal Information includes:
Personal Information of Users of the Reporting Line
Personal Information of other individuals
Please note that the use of the Reporting Line is entirely optional. Depending on the location you selected, there may be other means of raising concerns. Unless prohibited under applicable law locally, EA provides Users of the Reporting Line with the possibility to submit an anonymous report. Please note that if you choose to submit an anonymous report, some of the above-listed Personal Data will not be processed. If you choose to submit a regular (non anonymous) report, please note that you are free to determine the nature and level of information that you provide about yourself.
We acknowledge that, in filling a report, you are free to determine the nature and level of information that you deem necessary and relevant to the reporting purpose. You can choose to provide information about yourself, and to provide information about other individuals, but while doing so, please bear in mind that the information provided in a report: (i) must be factual and directly related to the subject of the alert and (ii) must not fall within the scope of national defense secrecy, medical secrecy, the secrecy of judicial deliberations, the secrecy of judicial inquiries or investigations, or equivalent concepts as may be applicable.
As per the above, we collect and further process the Personal Information for the following purposes:
Please note that our legal basis for processing Personal Information may depend on where Users of the Reporting Line and other concerned individuals are located and pursuant to which of the specific above-listed purpose(s) we are processing the Personal Information. If you are a resident of the European Economic Area (EEA) or of a jurisdiction where similar legal requirements may apply such as Brazil, Switzerland, and the United Kingdom, we rely on a number of legal bases to process information about you. For the purposes contemplated herein, we typically process Personal Information:
If you are a resident in a territory where our legitimate interests mentioned above are not recognized as a lawful basis under applicable law, we will identify and use other appropriate lawful bases to process your personal information such as contractual necessity or your consent. To learn more about the specific legal ground we rely on to process for any particular purpose, please contact us using the contact details provided below.
Depending on the content of the Report, your Personal Information may be accessed by or disclosed to HR, Global Audit, Legal, Security, management personnel, and others at EA whose involvement may be needed to resolve the reported concern. A limited number of people at NAVEX may also have access to reports on a need-to-know basis.
As furtherly described in Section 5 below, we will implement appropriate technical and organizational measures to help protect your personal information and to maintain its confidentiality, and we will ensure that it can only be accessed by those with a need to manage the Reporting Line, conduct an adequate investigation, and take any follow up action.
We will not share data that directly identifies you with independent third parties without your consent, unless such disclosure is:
We use third party agents and service providers to process your information on our behalf. It is our responsibility to ensure that our agents and service providers protect your data in accordance with the commitments given in this notice. Where personal data is transferred to third party agents on EA’s behalf, we ensure that it is protected in accordance with the commitments given in this notice.
If necessary, we will transfer, store, and process Reporting Line Users and other individuals Personal Information in jurisdictions other than where they live, including in the United States, where EA Inc. is headquartered, and in other countries in which EA or third-party agents operate. Some of these countries may not offer the same level of privacy protection as the laws in Reporting Line Users and other individuals’ country of residence or citizenship, but EA has taken appropriate measures to protect their Personal Information in accordance with this notice wherever their Personal Information is stored and used.
Where appropriate, EA will rely on EU Standard Contractual Clauses and other safeguards to enable transfers outside of the EEA or Switzerland.
Electronic Arts Inc., and its U.S.-based subsidiaries (“EA Inc. US”), complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. EA Inc. US has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. EA Inc. US has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. The EA Inc. US entities subject to the DPF Principles are available here.
EA Inc. US is responsible for the processing of personal data it receives, under the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF, and subsequently transfers to a third party acting as an agent on its behalf. EA Inc. US complies with the EU-U.S. DPF and Swiss-U.S. DPF Principles for all onward transfers of personal data from the EU, UK, and Switzerland, including the onward transfer liability provisions.
The Federal Trade Commission has jurisdiction over EA Inc. US’ compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, EA Inc. US may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, EA Inc. US commits to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF in the context of the employment relationship.
Under certain conditions, more fully described on the Data Privacy Framework website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
EA’s privacy practices comply with the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules System (APEC CBPR). The APEC CBPR system provides a framework for organizations to ensure protection of Personal Information transferred among participating APEC economies. More information about the APEC framework is available here: https://cbprs.org.
Security of your Personal Information and your overall safety in this specific context are a priority at EA and we take a range of technical, organizational and legal steps to protect you and your Personal Information. These include the implementation of appropriate technical and organizational measures to help protect your Personal Information and to maintain its confidentiality, which entails access rights management; considering, where possible, whether to de-identify, anonymise, or aggregate your Personal Information before sharing it; and to prevent, where the report has been submitted anonymously, any attempt to identify you.
Please be aware that, even if the above-described measures aim at ensuring the confidentiality and integrity of your Personal Information, no transmission of data over the Internet or any wireless network can be guaranteed to be 100% secure, thus we cannot guarantee the security of your information at all times. You should always be diligent when it comes to the protection of your personal information.
Users Personal Information and/or other individuals’ Personal Information will be retained as reasonably necessary to respond to your report and/or take any corrective action, to comply with archiving requirements or statutory limitations, or as otherwise required to operate the Reporting Line. It may also be required to be retained beyond this timeframe if it is necessary for legal, operational, or other legitimate purposes.
The following categories of Personal Information may have been collected and disclosed in the preceding 12 months, as these categories are defined under the California Consumer Privacy Act (“CCPA”):
Please note that we may collect and disclose other categories of Personal Information to the extent that you provide them through the Reporting Line, the report and subsequent investigation process, as the case may be.
Collection, use, and disclosure of this information is made for one or more of the purposes listed in Section 2 - How We Use Personal Information and Legal Basis for Processing.
We do not sell or share Users of the Reporting Line nor other individuals Personal Information to third parties, as those terms are defined under California law.
We retain the information we collect for as long as necessary, and we may retain that information beyond that period if necessary for legal, operational, or other legitimate reasons. See Section 6 - For How Long Does EA Retain Data?for more information.
Please see below for additional details regarding how we process your Personal Information, incorporating the notice immediately above.
For each of the categories of Personal Information referenced above, the categories of –
Please see Section 8 - Data Privacy Rights / Contact Us for a summary of your California privacy rights and how to exercise them. Please also note that we recognize your right not to be subject to discrimination or not to face retaliation in relation to your exercise of privacy rights.
Users of the Reporting Line and other individuals may have the right to access, correct, update, or delete the personal information that EA holds about them, as well as to data portability, objection and/or restriction of processing.
If you wish to exercise any of the abovementioned rights, or have any questions or complaints related to the privacy disclosures in this notice, please use our My Privacy Rights portal to contact our Data Protection Officer. To contact EA, including our Data Protection Officer, you can also use the following address: Electronic Arts Inc., 209 Redwood Shores Parkway, Redwood City, CA 94065. Electronic Arts Inc.'s representative in the European Union is Electronic Arts Ireland Limited, Parkmore West Business Park, 1, Ballybrit, Galway, H91 Y2R5, Ireland. Electronic Arts Inc.'s representative in the United Kingdom is Electronic Arts Limited, Onslow House, Onslow Street, Guildford, GU1 4TN, United Kingdom.
Please note that the exercise of certain rights, including the right of objection and/or restriction of processing, may be subject to limitations in the specific context contemplated herein.
If you are an EA employee or an EA consumer and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
You also have the right to contact your local Data Protection Authority if you prefer, who will investigate your complaint free of charge (to contact European agencies please visit here; to contact the Swiss authorities please visit here, to contact the UK authority please visit here; to contact Mexican authorities please visit here; to contact Colombian authorities please visit here). Where appropriate, the local data protection authority may also forward the matter to the Department of Commerce or FTC for consideration.
EA entities potentially acting as data controller for EEA, United Kingdom, Switzerland, Mexico and Colombia Personal Information, are listed below.
| Electronic Arts, Inc. | 209 Redwood Shores Parkway Redwood City, CA 94065 USA | EA Software (Spain) | Electronic Arts S.L Calle del Ombú, 6 Madrid 28045 Spain |
| EA Ltd (UK) | Electronic Arts Limited, Onslow House, Onslow Street, Guildford, GU1 4TN, United Kingdom | Electronic Arts Ireland Limited | Electronic Arts Ireland Limited Unit 1, IDA Business Park Ballybrit Galway Ireland |
| EA Germany | Electronic Arts GmbH Im Zollhafen 15-17 50678 Köln, NRW Germany | EA Sweden | Electronic Arts Sweden AB Södermalmsallén 36, 9fl 118 28 Stockholm Sweden |
| EA Poland | Electronic Arts Polska SP. Z O.O. Ambassador Office Building Ul. Domaniewska 34A, 02-672 Warsaw, Poland | EA DICE AB | EA Digital Illusions CE AB Södermalmsallén 36, 9fl 118 28 Stockholm Sweden |
| EA France | Electronic Arts Publishing Sarl 18, rue Félix Mangini 69009 Lyon Rhône | EA Finland | Electronic Arts Finland OY Keskuskatu 7 Helsinki, Finland |
| EA BV (Netherlands) | Electronic Arts Nederland BV THE BASE Evert van de Beekstraat 1-104 (7th floor) 1118 CN Schiphol Centrum. | Electronic Arts Romania SRL | Electronic Arts Romania SRL Nr. 4F, Cladirea AFI Park 2, Bulevardul, General Paul Teodorescu, Sector 6, Bucharest, Romania |
| EA Italy | Electronic Arts Italia S.R.L. Via Giuseppe Mazzini 9, 20123 Milan, Italy | EA Swiss Sàrl | EA Swiss Sàrl Place de Hollande 2 Geneva 1204 Switzerland |
| EA Colombia | Electronic Arts Colombia SAS, Bogota, Colombia Calle 113 # 7-45 Teleport Business Park Building, Office 707 | EA Mexico | EA Mexico S.De. R.L. De C.V. Corporativo One o One Juan Salvador Agraz 65, Colonia El Molinito, Delegación Cuajimalpa, CP 05310 México D.F. |
I have read the Data Privacy Notice for EA’s Reporting Line.