Privacy Policy
Effective Date: 2025
Welcome to the Platform (hereinafter referred to as “we,” “us,” or “the Platform”). We are committed to protecting your
privacy and ensuring the lawful, fair, and transparent processing of your personal data in accordance with applicable
data protection laws, including the EU General Data Protection Regulation (GDPR), the UK GDPR, and other relevant
international standards.
By accessing or using our services—including but not limited to buying/selling in-game items, virtual currencies, game
accounts, or related digital assets—you acknowledge that you have read, understood, and agreed to this Privacy Policy.
If you do not agree, please refrain from using our services.
1. Who We Are
We act as the data controller for the personal data you provide through our platform. Our registered address is:
[Your Company Legal Address]
For any data protection inquiries, please contact our Data Protection Officer (DPO) at: [email protected].
2. What Personal Data Do We Collect?
We collect and process the following categories of personal data:
a) Account & Identity Information
Email address, username, password (hashed)
Full name and government-issued ID (for KYC/AML compliance when trading high-value items)
Date of birth (to verify age eligibility)
b) Transaction & Payment Data
Order history, item descriptions, transaction amounts
Payment method details (processed securely via third-party providers like Stripe, PayPal; we do not store full card
numbers)
Billing/shipping address (if applicable)
c) Technical & Usage Data
IP address, device type, browser version, operating system
Cookies and similar tracking technologies (see Section 5)
Login timestamps, session duration, clickstream behavior
d) Communications
Messages exchanged between buyers and sellers
Customer support tickets and responses
3. Why and How We Use Your Data (Legal Basis)
Under GDPR Article 6, we process your data based on one or more of the following legal grounds:
Purpose Legal Basis
Account creation & service delivery Performance of a contract
Fraud prevention, security monitoring Legitimate interest
Compliance with legal obligations (e.g., anti-money laundering) Legal obligation
Marketing communications (e.g., newsletters) Your explicit consent (you may withdraw anytime)
Platform improvement & analytics Legitimate interest (with anonymization where possible)
We never sell your personal data to third parties for advertising purposes.
4. Your Rights Under GDPR
As a data subject, you have the right to:
Access: Request a copy of the personal data we hold about you.
Rectification: Correct inaccurate or incomplete information.
Erasure (“Right to be Forgotten”): Request deletion of your data, unless we are legally required to retain it (e.g., for
tax or fraud prevention).
Restriction of Processing: Limit how we use your data under certain conditions.
Data Portability: Receive your data in a structured, machine-readable format (e.g., JSON).
Object: Object to processing based on legitimate interest or direct marketing.
Withdraw Consent: At any time, without affecting the lawfulness of prior processing.
To exercise these rights, email us at [email protected]. We will respond within 30 days.
5. Cookies and Tracking Technologies
We use cookies to:
Maintain your login session
Remember preferences (e.g., language, currency)
Analyze traffic via Google Analytics (anonymized IP enabled)
Prevent bot activity and fraud
You can manage cookie preferences via our Cookie Consent Banner on first visit. Disabling essential cookies may impair
core functionality.
6. International Data Transfers
Our servers are primarily located in the European Economic Area (EEA). However, some subprocessors (e.g., cloud hosting,
support tools) may operate outside the EEA.
When transferring data internationally, we ensure adequate safeguards, such as:
Standard Contractual Clauses (SCCs) approved by the European Commission
Binding Corporate Rules (where applicable)
Verification that the recipient country offers an adequate level of protection per EU standards 8
A list of our subprocessors is available upon request.
7. Data Retention
We retain your personal data only as long as necessary:
Active accounts: Until you delete your account
Transaction records: Up to 5 years to comply with financial regulations
Support logs: Up to 2 years after case closure
Anonymized analytics data may be retained indefinitely.
8. Security Measures
We implement industry-standard technical and organizational measures, including:
End-to-end encryption (TLS 1.3+)
Regular penetration testing
Role-based access controls
Incident response plan compliant with GDPR’s 72-hour breach notification requirement 9
9. Third-Party Services & SDKs
We integrate trusted partners such as:
Payment processors: Stripe, PayPal
Analytics: Google Analytics (with IP anonymization)
Live chat: Zendesk
Fraud detection: Sift or Arkose Labs
Each partner is vetted for GDPR compliance, and their data processing activities are governed by Data Processing
Agreements (DPAs).
10. Children’s Privacy
Our services are not intended for individuals under 16 years old (or 13 in certain jurisdictions with parental consent).
We do not knowingly collect data from children. If discovered, we will promptly delete such data.
11. Policy Updates
We may update this Privacy Policy to reflect changes in our practices or legal requirements. Significant changes will be
communicated via:
In-app banner
Email notification (if you provided one)
Updated “Effective Date” at the top
Continued use of our services constitutes acceptance of the revised policy.
12. Contact Us
For questions, complaints, or to exercise your rights, please contact:
📞 +44 XXXX XXXXXX (EU office)
📮 [Your EU Representative Address, if applicable]
You also have the right to lodge a complaint with your local Data Protection Authority (DPA)—e.g., the UK ICO or
France’s CNIL.
