Nintendo shares your personal data with a range of third-party companies that handle payment processing, data analysis, marketing, hosting, and customer service on its behalf, as well as with business partners for marketing purposes.
This analysis describes what Nintendo's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
Sharing with business partners for marketing purposes goes beyond operational necessity and means your data may be used by companies outside Nintendo's direct control to market products to you.
Interpretive note: The distinction between service providers and business partners, and whether business partner sharing constitutes a 'sale' under CCPA, requires analysis of specific contractual arrangements not disclosed in the policy.
Nintendo now explicitly discloses that it collects persistent identifiers (IP addresses, device IDs) from child users for operational, security, fraud prevention, and service improvement purposes, an…
Nintendo now discloses that it uses location data not only for location-based games and friend connections, but also to enable check-ins at specific events and Nintendo locations, which is a new expl…
Your personal data including gameplay history, purchase records, and contact information may be shared with Nintendo's service providers and business partners, some of whom may use it for their own marketing purposes, extending the reach of your data beyond Nintendo itself.
How other platforms handle this
We may share your personal data with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. We may also share your personal data with advertising partners to display relevant advertising to y...
We may share your personal information with third-party vendors and service providers that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
In order to provide you with services, Valve needs to share some data with the publisher or developer of the game (for example to verify your ownership of the game and register your Steam ID with the publisher), or with other third parties that Valve works with to provide services to you. Valve will...
Monitoring
Nintendo has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
"We may share your information with third parties that perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance. We may also share your information with business partners who offer products or services that may be of interest to you.— Excerpt from Nintendo's Nintendo Privacy Policy
REGULATORY LANDSCAPE: Data sharing with service providers must comply with CCPA requirements that service providers are contractually prohibited from retaining, using, or disclosing personal information outside the business purpose; sharing with 'business partners' for marketing may qualify as a 'sale' or 'sharing' of personal information under CCPA triggering opt-out rights. GDPR requires that data transfers to third parties have a valid lawful basis and that data processors be bound by appropriate contractual terms (Article 28 agreements). Cross-border data transfers to Nintendo affiliates or service providers outside the EEA require an adequacy decision or appropriate safeguards such as Standard Contractual Clauses. GOVERNANCE EXPOSURE: Medium. The distinction between service providers (who process data only on Nintendo's behalf) and business partners (who may use data for their own marketing) is operationally significant under CCPA and GDPR. If business partner data sharing constitutes a 'sale' or 'sharing' without an adequate opt-out mechanism, this creates direct regulatory risk. JURISDICTION FLAGS: California residents have opt-out rights for any sharing that qualifies under CCPA, and the California Privacy Protection Agency has enforcement authority. EU/EEA users require that any international data transfer be covered by Standard Contractual Clauses or another GDPR-compliant transfer mechanism. Other state privacy laws (Virginia, Colorado, Connecticut) impose similar opt-out rights for data sharing with third parties for advertising. CONTRACT AND VENDOR IMPLICATIONS: The policy does not enumerate specific service providers or business partners, which limits transparency for compliance due diligence. Vendor agreements should clearly distinguish between service provider relationships (with data processing agreements) and business partner relationships (which require opt-out mechanisms). Procurement teams should assess whether existing vendor agreements meet updated CCPA and GDPR contractual requirements. COMPLIANCE CONSIDERATIONS: Legal teams should maintain an up-to-date list of all third-party data recipients, categorized as service providers versus business partners, with the legal basis and contractual framework for each sharing relationship documented. The opt-out mechanism for business partner data sharing should be tested to verify it functions correctly and that opt-out signals are passed through to all relevant partners.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
ConductAtlas detected a major restructuring of Meta’s privacy policy that removed detailed consumer rights disclosures and relocated them to separate documents.
Your genetic data may be transferred to a new owner as a business asset. Here is what the Terms of Service actually say and what you can do right now.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
Sharing with business partners for marketing purposes goes beyond operational necessity and means your data may be used by companies outside Nintendo's direct control to market products to you.
Your personal data including gameplay history, purchase records, and contact information may be shared with Nintendo's service providers and business partners, some of whom may use it for their own marketing purposes, extending the reach of your data beyond Nintendo itself.
ConductAtlas has identified this type of provision across 7 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Nintendo.