PRIVACY NOTICE

Last Updated: November 7, 2023

DRAFTKINGS - OUR COMMITMENT TO PRIVACY

DraftKings Inc. (“DK,” “we,” “us,” or “our”) strives to offer sports fans the most entertaining games and experiences found anywhere on the Internet. To ensure the trustworthiness of our games and the quality of your experience, we collect and process information about our users. We are committed to handling your information with respect because your privacy is important to us. We provide this notice to explain how we collect and use information from users of our website at https://www.draftkings.com (“Website”), our mobile applications ("Applications"), and our Daily Fantasy Sports (“DFS”), Sportsbook and Casino (“Gaming”), Marketplace, and related services including, but not limited to, our social networking features (collectively, "Services"). This notice does not apply to websites, applications, or services that do not display or link to this notice or that display or link to different privacy statements.

By using our Services, you consent to this notice. In the event you object to the collection, use, and disclosure practices described in this notice, you may not use our Services.

If you are a California resident, please see Section 12 for additional information regarding your privacy rights, including how to submit a request to opt-out of the sale or sharing of your personal information.

If you are a resident of Connecticut, Colorado, or Virginia, please see Section 13 for additional information regarding your privacy rights.

TABLE OF CONTENTS

  1. THE PERSONAL INFORMATION WE COLLECT
    1. Information You Provide To Us
    2. Information Collected Via Technology
    3. Information Collected From or About Friends
    4. Information Collected From Other Sources
  1. INTERACTION WITH THIRD-PARTY SITES AND SERVICES
  2. ADDITIONAL USES OF PERSONAL INFORMATION
  3. ADDITIONAL DISCLOSURES OF PERSONAL INFORMATION
  4. BIOMETRIC VERIFICATION
  5. SECURITY AND RETENTION OF PERSONAL INFORMATION
  6. YOUR RIGHTS AND CHOICES REGARDING PERSONAL INFORMATION
  7. HOW WE RESPOND TO DO NOT TRACK SIGNALS
  8. PROHIBITED USERS
  9. CHILDREN
  10. INTERNATIONAL USERS & PRIVACY RIGHTS
  11. CALIFORNIA PRIVACY RIGHTS
  12. COLORADO, CONNECTICUT, AND VIRGINIA PRIVACY RIGHTS
  13. HOW TO CONTACT US
  14. CHANGES AND UPDATES TO THIS PRIVACY NOTICE
  1. THE PERSONAL INFORMATION WE COLLECT
  1. Information You Provide to Us
    • You may choose voluntarily to provide certain personal information to us. Personal information is information from which you can be directly or indirectly identified, such as your name, address, email address, phone number, payment card and financial account information, billing information, driver’s license number, Social Security number, and certain online identifiers.
    • For example, you may decide to share your first and last name, date of birth, location, email address, phone number, username and password, and the country and state in which you reside when you create an account to log in to our Services ("Account"). We need this information to set up your Account, verify your identity, and provide you with our Services. The personal information you provide in connection with Account creation will be collected in accordance with this privacy notice.
    • When you use our Website, Applications, or other Services, or deposit or withdraw funds, we may collect all information necessary to complete the transaction and provide you with our Services, including your name, address, email address, phone number, credit or debit card number, other financial account and billing information, Social Security number, tax information, and records of the products and Services you purchased, obtained, or considered.
    • In the event you provide us feedback or contact us via email or chat, we will collect your name and email address, as well as any other message content, in order to send you a reply, provide customer and technical support, improve and optimize our Services, satisfy our legal obligations, enforce our contracts and legal rights, and address any existing or anticipated disputes.
    • We will collect the profile photo you upload and username you choose for your public profile page, including in connection with our social networking features ("Profile"), to give you a personalized experience of our Services. When you participate in any DFS contest, Gaming offering, Marketplace transaction, or other product through the Website, Applications, or other Services, other participants may be able to see the information you selected for your Profile.
    • In the event you tell us where you are (e.g., by allowing your mobile device to send us your location or by otherwise permitting us to geolocate you), we may store and use that information to verify your eligibility to use certain Services, to comply with relevant laws, and for fraud detection and prevention purposes.
    • When you participate in one of our surveys, we may collect additional information about your Profile, activity, usage, and preferences related to the Website, Applications, and other Services, so we can evaluate your interest in, and the quality of, our Services and provide you customer and technical support.
    • In the event you participate in a DraftKings sweepstakes, giveaway, contest, promotion, or game through our Services, we may collect your email address, username, and phone number to notify you in the event you win. We may also ask for consumers’ names and addresses, in order to verify their identities and fulfill any applicable prizes. In some situations we may need to collect other information about user preferences as part of the entry process, such as a prize selection, or in connection with the award of prizes that are valued over a certain dollar amount. Such sweepstakes, giveaways, contests, promotions, and games are voluntary. We recommend that you read the rules associated with any sweepstakes, giveaway, contest, promotion, or game before entering.
    • In the event you use our social networking features, we may collect, and other DraftKings users may be able to see, your Profile information, including your username, real name, photo, location, the content you post on your social feed and the social feeds of other DraftKings users, and any other information you choose to upload or share. We may also collect, and other users may also be able to see, information about the DFS contests, Gaming offerings, and Marketplace transactions you participate in, including, but not limited to, contest entry fees, wagers and betting feed data, and contest lineups. In the event you elect to sync, upload, or import data about your contacts from your device’s address book, we may collect and use that information to provide you and your contacts with our Services, including, but not limited to, helping you find and connect with your contacts and helping your contacts connect with you. In general, the information you choose to provide when using our social networking features is public, and you should exercise caution and good judgment before you post, upload, sync, import, or otherwise share information with us and others in order to avoid disclosing sensitive, harmful, or unlawful information. You are solely responsible for the content you post, upload, or share and other information you provide, whether by syncing, importing, uploading, or otherwise, when you choose to use our social networking features. You may control the information you share or upload through our social networking features by using our social privacy settings. The social privacy settings allow you to determine: who is able to see your Profile and your DFS and Gaming activity through our social networking features; who can add you as a friend; who can find you in a username search; who is able to see your real name and friends lists; whether you will receive notifications of replies and reactions to your posts; whether you will receive notifications that someone has posted content to your feed or posted about you; and who can see your posts.
  2. Information Collected Via Technology
    • Information Collected by our Services. In order to improve, personalize, and optimize our Services and meet our legal obligations, we may automatically track certain information about your visits to and usage of our Website, Applications, and other Services, including your browser type, operating system, Internet protocol (IP) address, device identifier, domain name, clickstream data, referring/exist pages, geolocation data, and a date/time stamp for your visits. We also use this information to analyze trends, administer the Services, gather demographic information about our user base, deliver advertising, perform research, provide technical and customer support, inform our product development efforts, protect our legal rights, address disputes, and prevent our Services from being used to commit harmful or unlawful activities, including fraud. Some of this information may also be collected so that when you use the Website, Applications, or other Services again, we will be able to recognize you and optimize your experience accordingly.
    • Device Information.We may collect information about the devices you use to access our Services, including the hardware models, operating systems and versions, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers, device motion information, and mobile network information. In the event you have downloaded our Application(s), we may also collect certain information from your mobile device, including information about how you use the Application(s). This information is generally used to help us deliver relevant information to you and to detect and prevent fraud and other unlawful activity. In the event our Application crashes on your mobile device, we will also receive information about your mobile device model, software version, and device carrier, which allows us to identify and fix bugs, provide other technical support, and improve and optimize the performance of our Applications.
    • Like many online services, we use “cookies” to collect technical information. Cookies are small pieces of information that a website sends to your computer’s hard drive while you are viewing a website. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience of our Website, Applications, and other Services. We may use cookies to collect information about your IP address, browser type, operating system, device type and identifiers, platform type, as well as your usage of and activity on our Website and Applications and the performance of our Services. These types of information are collected to make the Website and Applications more useful to you and to tailor your online experience to meet your interests and expectations. You can use the options in your web browser to notify you when you receive a cookie or you may change your cookie preferences in your internet browser or with third parties. You can control and/or delete cookies used by our Services at any time. You can delete all existing cookies on your computer and adjust settings for most browsers to prevent cookies from being received.
    • Pixel Tags. In addition, we use "pixel tags" (also referred to as clear gifs, web beacons, or web bugs). Pixel tags are tiny graphic images with a unique identifier, similar in function to cookies, that are used to track online movements of web users. In contrast to cookies, which are stored on a computer’s hard drive or web browser, pixel tags are embedded invisibly in web pages. Pixel tags are often used in combination with cookies, to trigger the placing of cookies, and/or to transmit information to us or our vendors or partners. This enables two websites to share information. The resulting connection can include information such as a device’s IP address, the time a person viewed the pixel, an identifier associated with a browser or device, the type of browser being used, and the URL of the web page from which the pixel was viewed. Pixel tags also allow us to send email messages in a format that users can read, tell us whether emails have been opened, and help to ensure we are sending only messages that may be of interest to our consumers. We may also use information collected through pixel tags to reduce or eliminate messages sent to a user.
    • Threat Detection. We use certain service providers, such as ThreatMetrix, to provide threat detection, user authentication, and fraud prevention services. These service providers may automatically collect certain information about your visits to the Website and Applications, as well as the device you use to connect to our Services, in order to monitor for potential threats and bad actors. This information may include, among other things, your IP address and your device’s unique identifiers. In the event you would like to know more about ThreatMetrix’s data privacy practices, please review the LexisNexis ThreatMetrix Processing Notice.
    • Collection of Data in Connection with Advertising and Marketing. We may use certain vendors or partners to serve ads on our Services, as well as on other websites, applications, and social media networks. In connection with the delivery of advertising, certain vendors, including, but not limited to, Facebook, FantasyPros, LiveRamp, Reddit, Snapchat, TikTok, The Trade Desk, TruSignal, and Twitter, may collect information about you and your visits to the Website and Applications and other websites and applications. That information may include your IP address, internet service provider, unique personal identifiers (e.g., email address), and the browser you use to visit the Website and Applications and other websites and applications. They may do this by using cookies, pixel tags, or other technologies. The information collected may be used, among other purposes, to deliver advertising targeted to your interests and to better understand your usage of, preferences on, and visitation of our Website, Applications and other Services as well as other sites, social media networks, and applications tracked by such vendors or partners. This notice does not apply to, and we are not responsible for, cookies, pixel tags, and other technologies used in connection with other parties’ ads, and we encourage you to check the privacy policies of advertisers and ad services to learn about their use of such technologies. In the event you would like more information about these practices to understand your options for not having your information collected and used by such companies, please click http://www.aboutads.info/choices and https://www.networkadvertising.org/. We may also display interest-based ads, sometimes referred to as personalized or targeted ads, using the information you make available to us when you interact with the Website, Applications, and other Services.
    • Measurement Data and Third-Party Analytics. We use a number of vendors and service providers, such as, but not limited to, Google, Hulu, and Roku to help analyze and measure how people use our Services ("Analytics Companies"). Analytics Companies may use cookies, pixel tags, and other technologies to collect information pertaining to how people use our Services, what pages they visit, and what other sites they may have used prior to using our Services. We use the information we get from Analytics Companies to improve and optimize our Website, Applications, and other Services and to measure the effectiveness of our ads.
    • Referral Affiliates. We may enter into agreements with companies that refer users to our Services via hyperlinks available on the referring party’s website. We may automatically collect certain information, such as your IP address, other identifiers, and the identity of the referring website via cookies, pixel tags, and other technologies that are provided to us in connection with your use of the referring party’s website.
    • Location Information. We may collect your location information, including your geolocation records, for purposes of verifying whether you are eligible to participate in a DFS contest, Gaming offering, Marketplace transaction, sweepstakes, promotion, or giveaway or to determine whether you are otherwise permitted to use our Services. We may also use such information to comply with our legal obligations, protect our legal rights, and address existing or anticipated disputes.
  3. Information Collected From or About Friends
  4. Refer-a-Friend. Our Services enable you to invite your friends to join in the fun. We offer several ways to invite friends to play on the Website and Applications. All options include the use of a unique URL link provided to you by us that you must use to direct people who do not have an existing Account to the Website and Applications to become a referred friend (“Link”). You may share the Link with friends via email, text, Facebook, Twitter, and other ways. When a friend uses the Link to register an Account on DraftKings, the Link enables us to associate that friend with the referrer, primarily for the purpose of awarding bonuses. The Link and the terms and conditions of the Refer-a-Friend program are available through DraftKings Refer a Friend Terms. We also employ techniques to facilitate invitations to friends using the Link, including a contact importer tool that allows you to add your contacts, including those in your address book, so that you can ask them to join DraftKings and communicate with you through the Website, Applications, and other Services. Our contact importer tool may not be available to users in certain regions or countries. In the event it is available, with your permission, we will access your address book and import your contacts' names, email addresses, phone numbers, locations, and associated details to determine which of your friends have not registered an Account on DraftKings. We rely upon you to obtain any consents from your friends and contacts that may be required by law to allow us to access, upload, and use their data for this purpose. You or your friends or contacts may reach us at privacy@draftkings.com to request the removal of this information from our database.

    Find-a-Friend. Our Services may also enable you to invite your friends who already have an Account to participate in our Services. In order to invite friends with Accounts to join in the Services, you may: (i) enter your friend's username associated with their Account to find and locate them; or (ii) in the event you are using our Application(s), use our contact importer tool to import and search through your contacts, including contacts in your address book, to match those of your friends who are also registered DraftKings users. Our contact importer tool may not be available to users in certain regions and countries. In the event it is available, with your permission, we will access your address book and import your contacts' names, email addresses, phone numbers, location, and associated information to facilitate the connection with your friends. Again, it is your responsibility to obtain any consents from your friends and contacts that may be required by law to allow us to access, upload, and use their personal information for this purpose.

  5. Information Collected from Other Sources
  6. We may supplement the information we have about you with information received from other sources including, but not limited to, from our pages on certain social networking sites, the social networking sites themselves, and from commercially available sources (e.g., data brokers and public databases). Your activity on other websites and applications may be associated with your personal information in order to improve and customize our Services and the ads delivered on our Website and Applications. The information we collect may include demographic data such as age, gender, and income level, your preferences, interests, associations, photos, commercial information (including, but not limited to, records of products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies), as well as information regarding your interaction with various websites and applications, including, but not limited to, the Services. This information is used to create and deliver advertising, improve and optimize our marketing efforts and VIP services, perform user verification and fraud detection and prevention, and comply with our legal obligations. By accepting this privacy notice and using our Services, you authorize third parties, which may include your mobile operator(s), internet service provider(s), financial institution(s), as well as government organizations and other authoritative data sources, to disclose to us and our service providers your personal information for the purposes of validating your identity and detecting and preventing fraud on your Account. This information may include your credit record number, IP address, device identifier, browser type, operating system, location, and data regarding your interaction with an Internet website or application.

  1. INTERACTION WITH THIRD-PARTY SITES AND SERVICES

Certain products, services, or other materials displayed on the Website, Applications, and other Services may integrate with, be integrated into, or be provided in connection with certain third-party services and content. We do not control those third-party services and content, and our various terms of use and this notice do not apply to those services and content. You should read the third-party terms of use agreements and privacy policies that apply to such services and content. We are not responsible for the practices used by any third-party websites or services linked to or from our Website or Applications, including, but not limited to, the information or content contained within them. By using our Website, Applications, or other Services, you acknowledge and agree that we are not responsible for and do not have control over any third-party services and content that you authorize to access the information you provide to them. In the event you are using a third-party website or service and allow it to access your personal information, you do so at your own risk.

  1. ADDITIONAL USES OF PERSONAL INFORMATION
  • User Feedback. We may post user feedback on the Website and Applications from time to time. We will share your feedback with your first name and last initial only. In the event we choose to post your first and last name along with your feedback, we will obtain your consent prior to posting. In the event you make any comments on a blog or forum associated with the Website, Applications, or other Services, you should be aware that any personal information you submit there can be read, collected, or used by other consumers of the blog or forum and might be used to send you unsolicited messages. We are not responsible for any personal information you choose to submit in these blogs and forums.
  • Creation of Aggregated, Anonymous or De-Identified Data. We may create aggregated, anonymized, or de-identified data (i.e., data that is not reasonably capable of being associated with or linked to you) from personal information we collected from or about you. We use such data to analyze request and usage patterns so that we may improve, optimize, or enhance our Services and improve our consumers’ experience with and ability to navigate our Website and Applications. We reserve the right to use aggregated, anonymized or de-identified data for any purpose and disclose it to third parties for any reason.
  • Responsible Play. As part of our commitment to responsible play, we may use the information collected about you to assess whether you are responsibly playing in DFS contests and Gaming offerings. In the event we identify potentially problematic information, we may reach out to you to provide resources to help ensure that you are playing responsibly. By using our Website, Applications, or other Services, you consent to our use of your information for these purposes.
  • Purchase and Delivery of Marketplace Products and Services. We may use the personal information we collect from you to process Marketplace transactions and Reignmakers contests and to provide other Services available through the Website and the Applications, including products and services related to primary and secondary sales of non-fungible tokens (“NFTs”). We may also use your personal information to process payments, communicate with you about transactions, and in regard to promotional offers. We may share your information, such as your name, email address, or physical address, with sellers in our Marketplace for utility fulfillment (e.g., online discount codes, memorabilia, or other collectibles) associated with NFT purchases, Reignmakers contests, and other Services in which you participate.
  1. ADDITIONAL DISCLOSURES OF PERSONAL INFORMATION

In addition to the disclosure practices discussed above, we may disclose your personal information as follows:

  • Parties You Share With. When you use the Website, Applications, or other Services, the personal and other information you choose to provide, including, but not limited to, through our social networking features, will be shared with parties you allow to receive such information. For example, you may choose to communicate personal information to your friends and other players, including, but not limited to, those who are participating in the same DFS contest or Gaming offering as you. In addition, any information you post, upload, or disclose through your use of our social networking features may be available to other users of our Services and the general public. As indicated above, by using the social privacy settings, you may control who may view your Profile information, the DFS and Gaming participation activity you share through the social networking features, the content you post or otherwise share through the social networking features, and the notifications you would like to receive through the social networking features.
    • Service Providers. We may share your personal information with certain service providers to provide you with our Services; conduct quality assurance testing; facilitate the creation of Accounts; process payments; provide account authentication and user verification services; provide technical and customer support; geolocate users; personalize, customize, and improve your use and experience of the Services; process financial transactions in connection with your Account, including, but not limited to, E-Wallet deposits and/or withdrawals, either online or through selected retail locations; send email and push notifications; enable security support and technical maintenance; send you newsletters, surveys, messages, and promotional materials related the Services or on behalf of other companies; provide loyalty rewards and VIP benefits; verify your identity; prevent unlawful uses of our Services; deliver customized or personalized content, information, and advertising; understand when users have installed our Applications; monitor the health and performance of code on consumers’ devices; request feedback; send users links to download our Applications; monitor the health of our servers; manage search engine optimization; and improve and optimize the performance of our Services. We also use the personal information we collect in connection with your use of our Services to detect and prevent harmful, abusive, fraudulent, and other malicious activity. We may share this information with vendors and service providers including Sift Science, Inc. (d/b/a Sift) to assist us with this effort. To learn more about Sift, please review the Sift Service Privacy Notice.
    • Identity Verification Services. We may use identity verification vendors such as, but not limited to, LexisNexis, Onfido, and Socure, to confirm your identity, detect and prevent fraud, and/or enhance your Account opening experience. By using our Services, you also authorize us to disclose your full name, date of birth, address, and identification information directly to our vendors for the purpose of verifying your identity. For such purpose, you permit our vendors to verify your identity with a credit bureau and access your credit file solely for the purpose of identity verification which will not affect your credit score. This data will be maintained for the duration of the business relationship and any legally required retention period. For more information about our identity verification vendors’ privacy practices, please review the following privacy statements: LexisNexis Privacy Policy, Onfido Privacy Policy, and Socure Privacy Statement.
    • Internal Revenue Service and Other Taxing Authorities. In the event your earnings from a contest, sweepstakes, giveaway, promotion, or game exceed a certain threshold, in accordance with our interpretation of applicable law, we will disclose the amount of your earnings and related information to the United States Internal Revenue Service and other appropriate taxing authorities.
    • Professional Financial and Legal Advisers.From time to time, we may also need to share your information with professional advisers, including lawyers, auditors, bankers, insurers, and consultants, in order to obtain advice or other professional services from them. Such advisers are bound by legal and/or contractual duties of confidentiality and other prohibitions against disclosure of personal information.
    • We may publicly share information about the contests, promotions, and games in which you participate, including information related to your username, first name and initial of last name, win/loss records, finishes, and fantasy picks in our leaderboards.
    • Co-Branded Companies. “Co-Branded Companies” are entities with whom we may jointly offer a service or feature. You can tell when you are accessing a service or feature offered by a Co-Branded Company because the Co-Branded Company’s name will be featured prominently. You may be asked to provide information about yourself to register for a service offered by a Co-Branded Company. In doing so, you may be providing your information to both us and the Co-Branded Company, or we may share your information with the Co-Branded Company. Please note that the Co-Branded Company’s privacy policy may also apply to its use of your information. We are not responsible for the practices of Co-Branded Companies. In addition, by using our Services, you acknowledge and agree that we are not responsible for and do not have control over any Co-Branded Companies.
  • DK Promotions. When you participate in a DFS contest, Gaming offering, Marketplace transaction, or other promotion, we may use your name, likeness, voice, opinions, and biographical information for publicity, advertising, trade, or promotional purposes without further payment, consideration, notice, or approval.
  • Dynasty Rewards. When you open an Account with us, we use your personal information to automatically enroll you in our Dynasty Rewards Program to earn crowns and advance your Dynasty status. In the event you redeem your crowns for rewards, we will use your personal information to fulfill and ship your applicable rewards to you.
  • Social Networking Sites. Our Website, Applications, and other Services may enable you to post content to social networking services (e.g., Facebook) ("SNS"). In the event you choose to do this, we will provide information to such SNS in accordance with your elections. In such event, you acknowledge and agree that you are solely responsible for your use of those SNS and that it is your responsibility to review the terms of use and privacy policy of the SNS and/or companies providing such SNS. We will not be responsible or liable for: (i) the availability or accuracy of any SNS’s terms of use or privacy policy; (ii) the content, products, or services on or availability of such SNS; or (iii) your use of any such SNS.
  • Corporate Affiliates. We may share some or all of your personal information with our corporate affiliates, including, but not limited to, our subsidiaries, joint ventures, and other companies under a common control ("Affiliates"), in which case we will require our Affiliates to respect this notice.
  • Corporate Restructuring. We may share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition, corporate divestiture, dissolution transaction, or other proceeding involving the sale, transfer, divestiture or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, your personal information may also be transferred as a business asset.
  • Other Disclosures. Regardless of the choices you make regarding your personal information (as described below), we may disclose personal information in the event we, in good faith, believe that such disclosure is necessary: (i) to comply with relevant laws or to respond to discovery requests, subpoenas, or warrants served on us; (ii) in connection with any legal investigation; (iii) to protect or defend the rights or property of DraftKings or consumers of the Website, Applications, or other Services; (iv) to investigate or assist in preventing any violation or potential violation of law, this notice, or our terms of use; or (v) in the event we believe that an emergency involving the danger of death or serious injury to any person requires or justifies disclosure of information.
  1. BIOMETRIC VERIFICATION

With your consent, we may use facial image scan services provided by our vendors (including, for example, Onfido Inc.) to help verify your identity. These biometric identity verification providers and their contractors compare facial scan data extracted from your photo in your ID (e.g., driver's license) to the facial scan data extracted from the selfie photo or video you upload, and then report back to us whether or not there is a match. We will use these results to help verify your identity. These scans and associated results may constitute biometric information or biometric identifiers under certain laws. Any biometric identifier/information or representation of it will be processed based on your consent and collected, stored, and managed by Onfido or the applicable biometric identity verification provider. For more information, please see the Onfido Facial Scan Policy and Release and the Onfido Privacy Policy

Biometric data collected and processed for our verification purposes is scheduled to be retained until the earlier of when verification is complete or for up to one (1) year following your last interaction with the biometric identity verification provider, unless otherwise set forth at the time you provide consent or unless otherwise required by law or legal process. After this period, such biometric data is scheduled to be deleted. You may decline to use the biometric verification process, but this may limit our ability to complete the verification process required to use our Services. You may revoke your consent at any time by emailing us at privacy@draftkings.com.

  1. SECURITY AND RETENTION OF PERSONAL INFORMATION

The security of your information is important to us. We use reasonable administrative, technical, and physical procedures, practices, and safeguards designed to protect personal information we collect from unauthorized access, use, alteration, exfiltration, or destruction. Payment card information that we collect from you will be held by us in encrypted form. Consumer information will be securely erased from hard disks, magnetic tapes, solid state memory, and other devices before we dispose of the device; and if this is not possible, the device will be destroyed. We will keep your information for as long as it is needed to achieve its purpose or meet our legal obligations, including, but not limited to, any legally required retention periods, after which we will make reasonable efforts to dispose of it in accordance with our records retention policy and schedule. We make concerted, good faith efforts to maintain the security of your information. Although we work hard to ensure the integrity and security of our systems, it must be recognized that no information system is 100% secure and, therefore, we cannot guarantee the security of such information. Outages, attacks, human error, system failure, unauthorized use, or other factors may compromise the security of user information at any time.

You can also play a role in protecting your personal information. To protect your personal information while using our Website, Applications, and other Services, we strongly suggest that you do not share your Account information and that you adhere to the following password practices:

  • Use a strong password that is at least ten (10) alphanumeric characters long, and contains upper and lower-case characters, numbers, punctuation marks, and special characters such as !@#$;
  • Use a password that is not easily guessed and is not a word in any language, slang, or is based on personal information such as a family name;
  • Treat your password as confidential and do not disclose it to anyone else;
  • Do not write down your password;
  • Do not store your password online in unencrypted form;
  • Change your password every three (3) months; and
  • Choose a password that is unique, not one that you use for any other website or application.
  1. YOUR RIGHTS AND CHOICES REGARDING PERSONAL INFORMATION
  • Email Communication. We will periodically send you free newsletters and emails that contain information about our various Services or other products and services we feel may be of interest to you. At any time you can easily indicate your preference to stop receiving such communications from us, and you may opt out of receiving further marketing from us by emailing us at privacy@draftkings.com or by following the unsubscribe instructions provided in the email you receive. Despite your indicated email preferences, we may send you transactional and service-related communications, including notices of any updates to our terms of use and this privacy notice.
  • Advertising Alliances Opt-out. 

In addition to adjusting the appropriate settings in your browser, many advertising companies that may collect information for targeted advertising purposes are also members of the Digital Advertising Alliance or the Network Advertising Initiative. Both of these organizations provide directions on how you can opt-out of targeted advertising by their members. You can find more information on these options at http://www.aboutads.info and https://www.networkadvertising.org/.

  • Accessing Your Personal Information.

You may access certain personal information by viewing it within your Account. You may also request access to personal information that we have collected about you during the past twelve (12) months (or during a longer period in the event required by applicable law) by contacting us as specified below. Where technically feasible, you may request a portable copy of your personal information in a readily usable format.

  • Deleting Your Personal Information. 

You may delete certain personal information by editing your information from within your Account. You may also request deletion of certain personal information we maintain about you, and we will use commercially reasonable efforts to honor your request, but please note that we may be legally or otherwise required or permitted to retain such information and not delete it for a certain time, in which case we will make reasonable efforts to comply with your deletion request after we have fulfilled such requirements or completed such permitted uses. When we delete information, it will be deleted from the active database but may remain in our archives. We may also retain your information to detect and prevent fraud or other unlawful activity or otherwise based on our legal rights or obligations.

  • Correcting Your Personal Information.

We take reasonable steps to ensure that the information we collect and process about an individual is complete, up-to-date and accurate, consistent with the requirements of applicable law. However, you also have a responsibility to inform us in the event any of your personal information that we hold is incorrect, incomplete, outdated, or inaccurate. In the event you at any time believe the personal information we hold about you is incorrect, incomplete, outdated, or inaccurate, you may request that we amend such personal information.

  • How To Submit Requests to Access, Delete, or Correct Your Personal Information.

You may submit a request to access, delete, or correct your personal information by emailing us at privacy@draftkings.com. Please note that we may deny or fulfill a request only in part based on our legal rights and obligations. Please also note that, as a regulated entity, we may be required to retain numerous categories of personal information for periods prescribed by law, which may often span several years. In the event we deny a request or part of a request, we will provide information about the reason for the denial. In the event you wish to temporarily or permanently close your Account, please email us at support@draftkings.com.

When we receive a request, we will take reasonable steps to verify the identity of the requestor in accordance with applicable law. In the event the requestor has a password-protected Account with us, we may verify their identity through our existing authentication practices and may require the requestor to re-authenticate themselves before disclosing, correcting, or deleting the Account holder’s data. In the event a requestor does not have a password-protected Account, we will take reasonable steps to verify their identity in accordance with applicable law prior to responding to a request. The verification steps may vary depending on the sensitivity of the personal information and the region where the requestor is located. In the event we cannot verify a requestor’s identity using these methods, we may use an appropriate third-party verification service.

  • Opt-Out of Targeted Advertising and the Sale or Sharing of Personal Information. As described above, we and certain other companies may place tracking technologies on our Website and Applications, which allow us and such companies to receive information about your activity on our Services associated with your browser or device. You may request to opt out of the disclosure of your personal information to third parties for non-required purposes by clicking the Do Not Sell or Share My Personal Information link in the footer of our Website and following the instructions on the page that appears. (In certain jurisdictions, the link may be labeled Do Not Share My Personal Information.) Please also keep in mind that your cookie and tracking tool preferences are specific to the device, website, and browser you are using to access the Website and may be deleted when you clear your browser’s cache. You may also opt out of having your personal information disclosed to third parties for non-required purposes by visiting the Login & Security tab of your My Account or Profile page on the Website or Applications and switching the Data Sharing: Do Not Sell or Share My Personal Information toggle to “Off.” For purposes of this Section, “sell” means, subject to certain exceptions in applicable law, the sale, rental, release, disclosure, dissemination, availability, transfer, or other oral, written, or electronic communication of your personal information to an outside party for monetary or other valuable consideration; and “sharing” means, subject to certain exceptions in applicable law, disclosure of personal information to third parties for cross-context behavioral advertising (as defined in the California Consumer Privacy Act) or targeted advertising (as defined in certain other U.S. state-specific privacy laws). In the event you do not have an Account or are not logged into your Account when you make an opt-out selection, your request to opt out of sale or sharing will only be linked to your browser identifier and not linked to any Account information because the connection between your browser and the Account is unknown to us. Please note that after you opt out of the sale or sharing of your personal information, your use of our Website and Application(s) may still be tracked by us and our service providers.
  • You may stop all collection of information by our Applications by uninstalling the Applications. You may use the standard uninstall processes as may be available as part of your mobile device or via the mobile application marketplace or network. In the event you use an Apple device, you may initiate the closure of your account from the Login & Security tab of the My Account or Profile page within the Application. You may also send a request to permanently delete your Account by following the instructions specified in the How To Submit Requests to Access, Delete, or Correct Your Personal Information section above.
  1. HOW WE RESPOND TO DO NOT TRACK SIGNALS

Various browsers, including, but not limited to, Firefox, Internet Explorer, and Safari, currently offer a “Do Not Track” or “DNT” option that relies on a technology known as a DNT header, which sends a signal to websites visited by the user about the user’s browser DNT preference setting. Please note that, at this time, we do not honor “DNT” signals or other mechanisms that may allow you to opt out of the collection of information across networks of websites and online services, as there is no standard for how online services should respond to such signals. As standards evolve, we may develop policies for responding to DNT signals that would be described in future versions of this notice. For more information on DNT options, please visit www.allaboutdnt.org.

  1. PROHIBITED USERS

As indicated in our terms of use, employees, operators, or consultants of a sports-governing body may be prohibited from participating in certain DFS contests and Gaming offerings where such employee, operator, or consultant is prohibited from participating in DFS contests or Gaming offerings by such governing body ("Prohibited Users"). For clarity, examples of sports governing bodies include, but are not limited to, the National Football League, Major League Baseball, and the National Basketball Association. We may report any suspected participation in the Services or in any DFS contest or Gaming offering by any Prohibited Users to the applicable sports-governing body or gaming integrity organization (e.g., the International Tennis Integrity Agency).

  1. CHILDREN

The Website, Applications, and other Services are not directed toward individuals under the age of eighteen (18), and we require that such individuals under the age of 18 not provide us with personal information. We do not knowingly collect or maintain personal information from anyone under the age of 18 through our Services. In the event we become aware that a person under 18 has provided us with personal information through the Services, we will make reasonable efforts to delete the information from our files, unless we are required to retain it under applicable law or legal process. In the event you are the parent or legal guardian of a person under 18 who you believe has provided personal information to us through the Services, please contact our privacy team at privacy@draftkings.com.

  1. INTERNATIONAL USERS & PRIVACY RIGHTS

The Website and Applications are hosted in the United States. In the event you are a user accessing the Services from the European Economic Area (“EEA”), United Kingdom (“UK”), or any other region with laws or regulations governing personal information collection, use, and disclosure that differ from the state, provincial, and federal laws and regulations of the United States and Canada, please be advised that through your continued use of the Website, Applications, or other Services, which is subject to this notice and our terms of use, you are transferring your personal information to the United States. Your information may be stored and processed in any country where we have facilities or in which we engage vendors and service providers. By accepting this notice and by using the Website, Applications, or other Services, you consent to the transfer of your information to countries outside your country of residence, including the United States, which may have different data protection rules than those of your country. Data subjects located in the EEA and UK have certain rights concerning their personal data, including under the General Data Protection Regulation (EU) 2016/679 and the UK General Data Protection Regulation. The preceding sections of this privacy notice describe our practices regarding the collection, use, storage, and disclosure of personal data. This section supplements the preceding sections by describing EEA and UK data subjects' rights with respect to their personal information and explaining how to exercise such rights. In particular, data subjects located in the EEA and UK have the right to:

  • Request access to their personal data and information related to its processing and to obtain a copy thereof;
  • Request rectification of any inaccuracies in or information missing from their personal data;
  • Request erasure of their personal data;
  • Request restriction of the processing of their personal data in cases explicitly provided for under applicable law;
  • Request portability of their personal data to another data controller in a structured, commonly used, and machine-readable format;
  • Object to the processing of their personal data in cases explicitly provided for under applicable law;
  • Withdraw consent previously provided to us for the processing of their personal information;
  • Object to a decision taken solely on the basis of automated processing, including profiling, which has impacted or significantly affected them; and
  • Lodge a complaint with an EEA or UK supervisory authority. However, in the event you have a complaint regarding the processing of your personal data or information, we encourage you to first contact us and we will reply on a timely basis.

Any requests concerning the foregoing rights should be directed to us via email addressed to privacy@draftkings.com. We will respond to requests within one (1) month of their receipt. Upon notice, this period may be extended by up to two (2) additional months in the event necessary, taking into account the complexity of the request and the number of pending requests. In the unlikely event your request is declined, we will provide an explanation for the declination of your request. In the event your request does not satisfy the requirements of applicable law, we reserve the right to: (i) impose a reasonable fee, taking into account the administrative costs of providing the information or communicating or executing the action requested; or (ii) decline your request. In the event there are any doubts as to the identity of an individual submitting a request, we reserve the right to request that he or she provide additional information necessary to verify his/her/their identity.

The lawful bases for our processing of personal data under EEA and UK data protection legislation are:

  • Fulfilling contractual obligations in providing services to you;
  • Legitimate interests in connection with providing, promoting, and improving our Services, analyzing customer behavior, conducting correspondence, and detecting and preventing fraudulent, harmful, abusive, and other unlawful uses of our Services;
  • Legal obligations including, but not limited to, those in connection with our need to comply with the requirements of data protection, gaming, and other applicable legislation and regulations, including, but not limited to, age and identity checks and responsible gaming requirements;
  • Your consent in the event we ask for and obtain it, including, but not limited to, for specific direct marketing activities or the use of non-essential cookies on our European website(s); and
  • To determine, pursue, defend against, or litigate legal claims related to our Services.
  1. CALIFORNIA PRIVACY RIGHTS
  • California Consumer Privacy Act

California residents (“CA Consumers”) have certain rights concerning their personal information, including under the California Consumer Privacy Act (“CCPA”). This section supplements the preceding sections of this Privacy Notice by describing CA Consumers’ additional rights with respect to their personal information and explaining how to exercise such rights. As described in more detail above, we collect and use the following categories of personal information for the business and commercial purposes described in this privacy notice:

  • Identifiers, including, but not limited to, real name, username, postal address, email address, telephone number, Social Security number; driver’s license, state identification, and passport numbers;
  • Information included in customer records as described in subdivision (e) of California Civil Code Section 1798.80, including, but not limited to, profile photos; credit card, debit card, and bank account numbers; other payment and financial information; and tax information and documents;
  • Demographic information and characteristics of protected classifications under California or federal law, including, but not limited to, date of birth and age;
  • Commercial information, including records of products or services purchased, obtained, or considered;
  • Biometric information as it relates to Account identity verification;
  • Employment information;
  • Education information;
  • Internet or other electronic network activity information, including, but not limited to, information on users’ interaction with the Website, Application(s), and other Services and other companies’ websites and applications, including, but not limited to, information on preferences, usage, communications, subscriptions, SNS usernames, associations, likes, and public profile information;
  • Geolocation information; and
  • Inferences drawn from the information described above.

We may collect this personal information from the categories of sources described in this privacy notice. We may disclose the above-referenced categories of personal information for our business and/or commercial purposes to the extent permitted by applicable law with the categories of parties described in Section 3 and Section 4 of this notice.

Based on our advertising and marketing practices, we may share the following categories of personal information: online identifiers (such as IP addresses, advertising identifiers, cookie identifiers, and pixel tags), email addresses, names, general demographics, and certain commercial information. We may disclose these categories of personal information to the categories of parties described in Section 1, Section 3, Section 4, and Section 5 of this notice, including advertisers and marketing entities, Analytics Companies, and SNS.

We keep your data for as long as it is needed to achieve its purpose or meet our legal obligations, including, but not limited to, any legally required retention periods, after which we will make reasonable efforts to dispose of it in accordance with our records retention policy and schedule.

From time to time, we may collect personal information in connection with a promotion, offer, program, or discount. The offers and incentives made available through them are generally related to the value of the relationships that we have with the individuals who participate. Participation is voluntary, and you may withdraw at any time by emailing us using the information set forth in Section 14.

  • Sensitive Personal Information Processing.

We and/or our service providers may process the following categories of sensitive personal information as necessary to provide the Services and for permitted business purposes: credit or debit card numbers; financial account numbers; government-issued identification numbers (such as driver’s license, Social Security, and passport numbers); precise geolocation; biometric information; and username and password.

  • Right to Know and Access Personal Information Collected, Used, Shared, or Sold.

As described in this Section 12, CA Consumers have the right to request access to personal information we collect about them. The CCPA provides more details on the requests CA Consumers can make. CA Consumers have the right to request that we disclose the following information for the period covering at least the twelve (12) months preceding their request:

  • the categories of personal information we collected about you;
  • the categories of sources from which we collected personal information about you;
  • the categories of personal information that we have disclosed about you for our business purposes and the categories of suppliers to whom the personal information was disclosed;
  • the categories of personal information that we sold to third parties and the categories of third parties to whom the personal information was sold, if any;
  • the business or commercial purpose(s) for which personal information about you was collected, shared, or sold; and
  • the specific pieces of personal information we collected about you.
  • Right to Correct Inaccurate Personal Information.

CA Consumers have the right to request that we correct inaccurate personal information we maintain about the CA Consumer, as described in Section 7.

  • Right to Request Deletion of Personal Information.

CA Consumers have the right to request that we delete the personal information we maintain about them, subject to certain exceptions, as described in Section 7.

  • Right to Opt-Out of the Sale or Sharing of Personal Information.

CA Consumers have the right to opt-out of a business’s sale or sharing of their personal information. You may opt-out of the sale or sharing of your personal information by clicking Do Not Sell or Share My Personal Information link in the footer of our Website and following the instructions on the page that appears; or by visiting the Login & Security tab of the My Account or Profile page on the Website or Applications and switching the Data Sharing: Do Not Sell or Share My Personal Information toggle to “Off.” We do not knowingly sell or share the personal information of individuals under 18 years of age.

  • Right to Non-Discrimination for Exercising Privacy Rights.

DK will not discriminate against CA Consumers for exercising their rights under the CCPA or other applicable privacy laws. We will not do any of the following based on a CA Consumer’s exercise of their rights under the CCPA:

  • Deny the CA Consumer goods or services;
  • Charge the CA Consumer different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties;
  • Provide the CA Consumer with a different level or quality of goods or services;
  • Suggest that the CA Consumer may receive a different price or rate for goods or services or a different level or quality of goods or services; or
  • Retaliate against an employee, applicant, or independent contractor who exercises their rights under the CCPA.
  • How To Request Access, Deletion, or Correction.

You may submit a request to access, delete, or correct your personal information by emailing us at privacy@draftkings.com. Please review Section 7 for more information.

  • Designating an Authorized Agent to Submit Privacy Requests.

CA Consumers may use an authorized agent to submit requests to access, delete, or correct their personal information. An authorized agent is a person or entity registered with the California Secretary of State that a CA Consumer has authorized to act on their behalf. In the event you choose to submit a privacy request to us through an authorized agent, we may require that you provide the agent with written permission to do so and that the agent verify their own identity with us. In the event your privacy request is submitted by an agent without proof that they have been authorized by you to act on your behalf, we may deny the request.

  • “Shine the Light” Law.

A CA Consumer who has provided personal information to a business with whom they have established a business relationship for personal, family, or household purposes is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes. In general, in the event the business has made such a disclosure of personal information, upon receipt of a request from a CA Consumer, the business is required to provide a list of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed.

However, under the law, a business is not required to provide the above-described lists in the event the business adopts and discloses to the public (in its privacy notice) a policy of not disclosing CA Consumer’s personal information to third parties for direct marketing purposes unless the business gives users a mechanism to opt out of having their personal information disclosed to third parties for direct marketing purposes. Rather, the business may comply with the law by notifying the CA Consumer of their right to prevent disclosure of personal information and providing a cost-free means to exercise the right.

We have opted for this alternative approach. As stated in this notice, we give CA Consumers a mechanism to opt out of having their personal information disclosed to third parties for direct marketing purposes. Therefore, we are not required to maintain or disclose a list of third parties that received your personal information for marketing purposes. In the event you wish to opt out of sharing your personal information with third parties for direct marketing purposes, please see the instructions in Section 7 for how to opt out.

  1. COLORADO, CONNECTICUT, AND VIRGINIA PRIVACY RIGHTS
  • Consumer Rights Under Colorado, Connecticut, and Virginia State Law.

Residents of Colorado, Connecticut, and Virginia (“Covered Consumers”) have certain rights concerning their personal information under applicable state law. This section supplements the preceding sections of this notice by describing Covered Consumers’ additional rights with respect to their personal information and explaining how to exercise such rights, all of which are subject to applicable exceptions. Please note that for purposes of these rights under this Section 13, personal information does not include information about job applicants, employees and other personnel, or representatives of third-party entities we may interact with. 

  • Sensitive Personal Information Processing.

We and/or our service providers may process the following categories of sensitive personal information: precise geolocation; biometric Information; citizenship and/or immigration status.

  • Loyalty Program Information.

From time to time, we or our vendors on our behalf may collect personal information in connection with a loyalty or rewards program, including the Dynasty Rewards Program. See https://www.draftkings.com/dynasty-home and https://www.draftkings.com/dynasty-rules for the Dynasty Rewards Program terms and benefits.

  • Right to Request Access, Deletion, and Correction.

Covered Consumers have the right to request that we confirm whether or not we are processing their personal information and request access to, correction of, and deletion of their personal information. You may submit a request by emailing us at privacy@draftkings.com. Please see Section 7 above for more information, including applicable verification requirements and limitations.

  • Right to Opt-Out of Targeted Advertising and the Sale of Personal Information.

We may use personal information obtained from and in connection with Covered Consumers’ activities across unaffiliated sites to provide more relevant advertising to you. Covered Consumers have the right to request that we stop using their personal information for such targeted advertising. Additionally, Covered Consumers have the right to opt-out of “sales” of personal information as defined under applicable state law. See Section 7 for information on how to opt out. As described above, based on our advertising and marketing practices, we may disclose the following categories of personal information to third parties: online identifiers (such as IP addresses, advertising identifiers, cookie identifiers, and pixel tags), email addresses, names, general demographics, and certain commercial information. We may disclose these categories of personal information to the categories of parties described in Section 3 and Section 4 of this notice, including advertisers and marketing entities, Analytics Companies, and SNS.

If you are a Covered Consumer residing in Colorado or Connecticut, you may designate an authorized agent to make an opt-out request on your behalf. When submitting the opt-out request, please ensure the authorized agent is identified as an authorized agent and ensure that the agent has the necessary information to complete the verification process. Please note that we do not knowingly sell or use for targeted advertising purposes the personal information of individuals under 18 years of age.

  • Right to Appeal.

Covered Consumers have the right to submit a formal appeal in the event they are not satisfied with the outcome of a privacy request. Please send appeals via email to privacy@draftkings.com with “Appeal” in the subject line or body of the message.

  1. HOW TO CONTACT US

Any inquiries or comments regarding your personal information and privacy rights, our data privacy practices, this privacy notice, or any reports regarding suspected or actual security violations or harmful or unlawful activity, including, but not limited to, fraud on your Account should be directed to our privacy team via email to privacy@draftkings.com.

  1. CHANGES AND UPDATES TO THIS PRIVACY NOTICE

This privacy notice may be revised periodically in our sole discretion, and any changes will be effective upon the revised privacy notice being posted to our Website or Applications. You are solely responsible for reviewing this notice for any changes. In the event we make material changes to this notice, as determined by us in our sole discretion, we will notify you and/or request that you accept our updated privacy notice. You are solely responsible for updating your personal information to provide us with your most current email address. If the last email address you provided is not valid or for any reason is not capable of delivering notifications to you, then, in the event we provide you notification via email, our dispatch of the email containing such notification will constitute effective notification of the changes made to the notice. In the event you do not wish to permit changes in our use of your personal information, you must notify us that you wish to deactivate your Account. Your continued use of our Services following any changes to this privacy notice will indicate your acknowledgement of and consent to such changes and to be bound by such changes, with the understanding that the updated privacy notice applies to all of your personal information, including the personal information collected before the changes went into effect.