Gwent: The Witcher Card Game
Privacy Policy

Last updated on 25 April 2018

1. This document explains what data is collected regarding Gwent.
2. It also explains how we use that data, where we store it, and how we protect it.
3. In short:
• in order for you to play Gwent we need to process some of your data. Should we need to process your data for any other purpose than Gwent or Gwent Masters, we will always ask you for your consent in advance,
• Some partners, such as e.g. GOG, help us in developing Gwent and we may share limited data with them – but only for Gwent related purposes,
• We will not share your data for third party advertising purposes.
4. Finally, it explains your rights in relation to your personal data.

OK, well now that’s done. Hello! This Privacy Policy is where we explain how your personal data is collected and stored, and what happens to it in regards to Gwent. We have put together two versions: a full text version, which is legally binding, and also section summaries, which will hopefully make the legal language sound a bit more accessible. However, please bear in mind that, by accepting this document, you will be bound by the full version. If you have any questions, you can contact us at




1.1 We are CD Projekt S.A. Hereafter, we will call ourselves “CD PROJEKT RED” as CD PROJEKT RED is the team behind the video games within CD PROJEKT S.A. You may contact us via email at, or by mail: CD PROJEKT S.A., Jagiellońska 74, 03-301 Warsaw Poland.

Hello, we're CD PROJEKT RED and we are based in Poland. You can find our contact details here!

1.2 To protect all personal data in a better and more efficient way, we designated a Data Protection Officer (or DPO) who is responsible for the oversight and implementation of the data protection strategy and ensures compliance with necessary legal requirements. You can contact our DPO at the following email address:

In case of any questions or doubts concerning personal data, please contact our Data Protection Officer (contact details opposite).


2.1 This Privacy Policy applies to our video game Gwent in addition to any and all services related to it, including (but not limited to) user accounts, esports tournaments and events, customer and technical support provided by us, as well as wikis, blogs, and social media services (hereafter, the term “Gwent” will refer to all of these elements).

2.2 Specifically, this Privacy Policy governs personal data (or, as called in the United States, “personally identifiable information”) and non-personal data (or, as in the United States, “non-personally identifiable information”), which we collect from you when you are using Gwent ("Personal data" essentially means information which, on its own or in combination with other information, can be used to identify you).

2.3 We respect your right to privacy and will only process personal data in accordance with applicable legislation in the EU, the USA and other countries where we offer our games and services.

2.4 For personal data discussed in this Privacy Policy and used by CD PROJEKT RED in connection with Gwent, CD PROJEKT RED is the data controller under European Union data protection legislation. For the personal data discussed in this Privacy Policy, and used by our partners (such as GOG) in connection with Gwent or other products/services, the relevant partner(s) will be the data controller under European Union data protection legislation.

This Privacy Policy explains the different kinds of data we collect from you when you're using Gwent. We fully comply with privacy laws.


3.1 You must be 16 years old or older to register for Gwent and to play it. CD PROJEKT RED does not deliberately process any personal data of minors below 16 years of age.

You must be at least 16 years old to play Gwent.


4.1 When you sign up for, download, use or play Gwent, or are involved in Gwent esports events (such as the Gwent Masters tournaments) certain data is collected. This data may include:
For general use of Gwent:
● Your email address;
● Your name and surname;
● Your date of birth;
● Any username used to identify yourself, avatars;
● Gwent-ID;
● Log of user activity within Gwent (login time, logout time, log of matches played, number of wins and losses, gathered experience points,);
● Account of in-game virtual goods and currencies;
● Matchmaking Rating (MMR);
● IP address;
● Country (identified based on IP address);
● Any other data which you supply us via our services;

When you play Gwent we collect basic data about you and your activity on your account

For purchasing Gwent in-game content – additionally:
● Your device/platform, purchases made with virtual or real currency (including transaction dates, currencies, value, products of transaction);
If you contact our technical support – additionally:
● Other data required to help you with any queries or support matters, such as data collected in crash logs that are gathered by your device or the technical parameters of the device you use to play Gwent.

If you contact technical support, you may be asked to provide additional data, such as crash logs or the technical details of the device you use to play Gwent.

If you take part in esports tournaments and events – additionally:
● Data and other documents used only in connection with Gwent esports tournaments and events: passport/ID number, issuer of the document, photo/scan of the document, citizenship, bank account details for prize payment, your image if you participate in a Gwent tournament, place of birth, correspondence address, your father’s and mother’s names, data on your participation in official and authorized Gwent events, Crown Points (points used in Gwent MASTERS rankings).

If you are a part of Gwent MASTERS, we need some additional data for payment & tax purposes, including your passport number and correspondence address.

In order for you to play Gwent or access other services, we need to process the data described above. In case you do not agree to provide us with the above-mentioned data, you will not be able to play Gwent, take part in esports tournaments or use other services.

The above data is necessary for us to provide you with Gwent and the online services related to it.

4.2. Cookies. We and our partners also collect data about you via cookies. You can find out more about this in our Cookie Policy here: . The Cookie Policy forms part of this Privacy Policy.

Check our Cookie Policy to find out what sorts of cookies we use to support our services.


4.3 A quick word about payment details (if/when you use them in Gwent): We will not receive or store any of your payment details, this is fully handled by the relevant payment platform and/or payment method/processor. If/when you make in-game purchases in Gwent, we are notified by the payment processor once the transaction takes place and then ensure you receive your in-game purchase. We do not, however, receive any of your actual payment details. We only keep the data concerning transaction dates, currencies, value and the products of transaction.

We do not collect any of your payment details. We only receive confirmation that a purchase took place and then ensure you receive what you purchased. The only data we store includes transaction dates, currencies, value and products of transaction.


5.1 Data may be collected or processed in the following ways (either directly or via our Partners as explained below):
(a) data you give us via Gwent, or which you give to our partners in connection with Gwent;
(b) data given when you contact us or report a problem with Gwent;
(c) data about your activity as a user within Gwent (in addition to your IP address, country of origin, purchases, account of in-game virtual goods and currencies) is collected automatically;
(d) we may also ask you to complete surveys that we use for research purposes. However, your response to surveys is not required. We may collect this data via Gwent or trusted third parties connected with us for optional services such as surveys or polls.

We collect and process data that you give us in connection with Gwent or that we receive based on your activity within the game.


6.1. When we process personal data about you, we do so only as necessary to provide you the CD PROJEKT RED services you use (i.e. to perform the agreement between us), to meet our legal obligations or to fulfill the so-called “legitimate interests” of CD PROJEKT RED, or in accordance with the other cases described in the section “How is your data used?”. To clarify, by legitimate interests we mean lawful purposes that could be reasonably expected (protecting the security of the data we process, marketing CD PROJEKT RED games and services as well as ensuring our marketing is relevant for you, conducting anti-cheat analysis and anti-fraud checks). When we rely on the legitimate interest, we consider and balance any potential impact on you and your rights. For other purposes, we will ask for your consent and you will be entitled to withdraw this consent at any time with no impact on the validity of the processing before your consent has been withdrawn.

6.2. When we transfer your data outside the European Economic Area, we do so on the basis of a variety of legal mechanisms, as described in “Trusted Partners”.

In order for you to play Gwent, we need to process some of your data. Should we need to process your data for any other purpose, we will always ask you for your consent in advance. You will always have the right to withdraw your consent at any time.


7.1 Where do we store it? The data we collect from you is stored on our secure servers in Europe or – only if necessary – by those of our Trusted Partners as described below. We implement appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. We will take all reasonably necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy.

We will store your data on our secure servers in Europe or on those of our Trusted Partners. We will do our best to keep your data secure.

7.2 How long are we going to store your data? We will retain your personal data only for as long as needed in order to fulfil the purposes outlined in this Privacy Policy. In certain special cases, a longer retention period might be required by law, such as for tax reasons, accounting purposes or other legal requirements and obligations.
When we will no longer require your personal information in order to provide our game related services to you, we will either delete it or anonymize it. In particular:
1. we will keep data that is associated with your Gwent account for the duration of the agreement to access Gwent services (i.e. until you close your Gwent account). Following account closure, limited data that we collect about you will still be retained for an additional few years for tax, legal and accounting purposes;
2. if you contact us and don’t have a Gwent account, we will retain correspondence with you as long as necessary to assist you, followed by a period necessary for legal or accountability purposes;
3. for marketing purposes, we will store data as long as we have valid consent, and we will delete or anonymize it without undue delay and no later than within 30 days from the moment we receive a request to unsubscribe.

In general, we will store your data until you close your Gwent account. After that, we may still use limited data about you for tax, legal or accounting reasons.


8.1 Your data may be used for the following purposes:

• to carry out our obligations arising from any contracts between you and us, such as providing access and allowing you to play Gwent,
• to ensure enjoyable gameplay through the analysis of players’ data,
• to maintain the ranking of Gwent players,
• to calculate conversion rates and other elements of Gwent performance,
• to organize official Gwent Masters events and award points to participants of third-party events,
• to maintain technical support services for game users,
• to identify incidents of game misuse,
• to maintain, improve or develop Gwent,
• for tax, legal and accounting purposes,
• for the accountability purposes as defined by EU legislation (GDPR),
• to provide you with marketing information (including personalized and targeted marketing emails), products or services that you request from us and which we feel may interest you. For example, we may send you newsletters or emails about Gwent (of course, this is optional and we will ask you for permission first),
• to target and personalize our marketing communication, offers and advertisements that we display on our websites and services as well as those of third parties based on the combined data we have collected about you.

We will use your data to operate Gwent and continue to improve it, as well as to communicate with you (e.g. via newsletters or emails). .

8.2 Whenever we’re personalizing or targeting our marketing communications, offers and advertisements, we may profile your personal data, which means that we may use the data we collect to adjust the communication addressed to you to meet your needs. In such cases, we do not, however, use your personal data for profiling, which would constitute automated decision-making that could affect your legal situation (i.e. we do not use algorithms to make decisions which would have an impact on your individual legal rights or affect your legal status or rights under the agreement between us. For example, we do not make automatic offers based on your behaviour in the game.).
If you decide that you no longer want to receive personalized offers, product recommendations, or any advertising news at all, you can object to this service at any time.

We gather data when and how you play Gwent in order to offer you the best service and most suitable communication possible. However, we will never make automatic decisions based on profiling that could affect your legal situation (e.g. automatic offers or discounts based on your behaviour in the game).

8.3 We might process some aggregated and general non-personal data on user behaviour (e.g. sales per region) with our partners who assist us in the process of running Gwent or, for example, with payment providers. We may also share non-personal data with data analysis services to help us run Gwent. For example, this may happen in case we need information about what kinds of kegs are the most popular in a given region.

Sometimes we may have to share anonymised, non-personal data like operating system type in order to run our services. Fear not, as mentioned above, everything’s anonymised, so you can never be identified.


9.1 When you create a Gwent account, some basic data about you (namely your username, card collection, and statistics) will form a part of your public profile and it will be visible to everyone who views your profile. You can disable this function and the visibility of your profile through your Gwent account settings at any time.

Limited data about you will be visible in Gwent as a part of your public profile, but it can be disabled at any time via the privacy settings in your account.

9.2 Please remember that any communications you have via Gwent may reveal details about you. Also, any data you post publicly will be publicly available to other people. We are not responsible for your use of any private personal data which you choose to make available, or the activities of other users or other third parties to whom you give or make available your data or content.

You have the option to share your own personal data with others or publicly. But be aware that you are responsible for this type of data sharing.


10.1 Gwent may, from time to time, contain or connect you with third party content or services. Our Privacy Policy does not extend to external sites or companies, so please refer directly to their privacy policies.

You may find third party links in Gwent or we might direct you to third parties. They may collect data from you in accordance with their own privacy policies. Please be sure to take a look at them.

10.2 Some services may involve interacting with our sister company, GOG, or potentially with other trusted partners of CD PROJEKT RED. For example, in order to play Gwent you will need to create a GOG account and, depending on your device, you may need to install and use GOG Galaxy. In order to do this, we may need to share some of your personal data with our trusted partners.

We provide some services via trusted partners, such as our sister company, GOG (who helps us to develop and run Gwent), we will share some data with them.


11.1 We may share your data with the following Trusted Partners who were engaged by us to help deliver our services and functionalities to you. Please rest assured that we always provide our partners with the minimum data necessary for them to achieve the purpose of their cooperation with us. They may have access to limited data about you and process it on our behalf for only the purposes set out below (they are formally called “Data Processors”):
a) GOG sp. z o.o. – our sister company who develops Gwent together with us and provides us with the Galaxy platform;
b) CD PROJEKT Inc. – our daughter company who helps us with marketing in the United States;
c) Our partners who provide us with internal management and data-sharing tools;
d) Our partners who help us in data analysis by providing us with analytical tools;
e) Our partners who help us manage our newsletters and email communications by providing us with email marketing tools;
f) Our professional advisors who assist with legal, tax, audit or accounting matters;
g) Social media platforms for the purpose of personalized and targeted marketing (for example, to inform via advertisements on social media platforms you use about Gwent services you may enjoy).

11.2 When required by law, we may also share your data with the police or other government authorities (including your IP address and details of suspected unlawful or fraudulent activity such as unauthorized use of payment methods and security risk scores).

11.3 We use the reCAPTCHA service provided by Google Inc. to protect your submissions via Internet submission forms on our sites. This plugin checks whether you are a person in order to prevent certain website functions (such as comments) from being (ab)used by spam bots. This plugin query includes the sending of the IP address and possibly other data required by Google for the Google reCAPTCHA service. For this purpose, your input will be communicated to and used by Google. However, your IP address is truncated by Google within members states of the European Union or in other states which are party to the agreement of the European Economic Area and is, as such, anonymized. Only in exceptional cases is a full IP address transmitted to a Google server in the United States and truncated there. On behalf of us, Google will use this data to evaluate your use of our services. The IP address provided by reCAPTCHA from your browser shall not be merged with any other data from Google.

11.4 Your data may be processed, stored and transferred to countries outside your country of residence and beyond the European Economic Area (EEA), such as Switzerland or the United States. Privacy laws in these countries may not offer the same level of protection as in your country or in the EEA. But whenever we share your personal data outside the EEA, we will do so on the basis of EU standard contractual clauses or the Privacy Shield Framework, which are lawful measures to transfer your data and establish adequate protection of your personal data.

We sometimes share data with our Trusted Partners who provide us with data analytics, internal management tools or support us in marketing activities. This includes GOG, our sister company, who operates the GALAXY platform and helps us develop Gwent. Whenever we share your personal data outside Europe, we will ensure that the data is duly protected.


12.1 Please be aware that we are subject to various laws and may be required to release personal data to comply with law enforcement and other legal requirements.

We may be required to comply with law enforcement requests to release personal data.

12.2 In the unlikely event of a reorganisation or merger of CD PROJEKT RED, we may transfer personal data to an involved third party who will protect this to at least the same level as we do in this Privacy Policy.

In the event of any reorganisations, acquisitions, etc., your personal data will still be protected to at least the same level as it is right now.


13.1 You have the right to object to the processing of your personal data at any time, such as for marketing reasons. You can do so by contacting us at the following email address:
13.2 You have the following additional rights:
● You have the right to access data held about you;
● You may contact us to request that we delete your personal data from our system;
● You may ask us to rectify/correct your personal data, if appropriate;
● You may ask us to restrict the processing of your data;
● You have the right to transfer your data to another entity;
● You have the right to file a complaint with a data protection authority.
You can exercise these rights by contacting us at

13.3. In case of any concerns or questions about your privacy, please contact us and we will do our best to assist you. You can reach us at or contact our Data Protection Officer at If, however, you feel we have not satisfactorily dealt with your concern, you can report it to your local data protection authority or the Polish regulator – the President of Polish Office of Data Protection - Prezes Urzędu Ochrony Danych Osobowych ("PUODO") in Poland.

13.4 Under California law, California residents who have an established business relationship with us have the right to request certain data with respect to the types of personal data we have shared with third parties for their direct marketing purposes, and the identities of those third parties within the immediately preceding calendar year, subject to certain exceptions. All requests for such data must be in writing and sent to:

CD Projekt S.A.
ul. Jagiellońska 74
03-301, Warsaw, Poland

This same California law permits us to provide you, in response to your written request, with a cost-free means to choose not to have your data shared rather than providing the above-described data. You may exercise that choice by contacting us at the address listed above.

13.5 If you would like to exercise any of these rights or have any queries regarding them, please contact

You have right to access your data, to make amendments to it, to have us delete all of your data, to restrict the processing of your data, or to have your data transferred to another entity. You can always send an email to and we will do our best to provide support.


14.1 We may change this Privacy Policy if we deem it necessary, such as for legal reasons or to reflect changes in our services. If we do so, we will make the altered Privacy Policy available online and update the “Last Updated” date.

14.2 Once we change the Privacy Policy, it will become legally binding 30 days after we post it online. During that period, you are welcome to contact us if you have specific questions about the changes.

14.3 Unfortunately, if you do not agree to those changes (regardless of whether you email us), we must then ask you to cease using Gwent. We hope you understand that we need to have everyone playing the game and observing the same rules so our services can function properly.

We can change this Privacy Policy, but if we do, we will put the updated version online. Changes will take effect 30 days after we have made the updated version public. Feel free to contact us if you have any questions regarding the changes.


15.1 We would also like to remind you that our Gwent User Agreement (once activated) will have more data about how we operate Gwent.

Thank you for your patience and have fun playing Gwent!

Not like it changes anything, but we are obligated to inform you that we are using cookies - well, we just did.
More info on cookies

I don’t want to see this banner again