1. Personal Data We Collect
To provide and improve our services, we process the following categories of personal data in compliance with UK GDPR:
- Identity Data: full name, username, date of birth.
- Contact Data: email address, telephone number.
- Account Credentials: password hashes, security questions.
- Profile Data: avatar, preferences, interests.
- Usage Data: IP address, device type, browser information, session logs.
- Transaction Data: purchase history, billing address (processed by PCI-compliant providers).
- Communication Data: support tickets, feedback, forum and chat messages.
Sensitive Data: We do not collect special categories of data (e.g. health, biometrics) or government identifiers.
2. Purposes & Legal Bases
We handle your data only for specified purposes under UK GDPR. Our legal bases include:
- Contract Performance: to register your account, process transactions, and deliver digital goods.
- Legal Obligation: to comply with tax, anti-fraud, and record-keeping requirements.
- Legitimate Interests: to secure our platform, prevent fraud, and optimise user experience.
- Consent: for marketing communications, newsletters, and optional personalisation features.
3. Sharing Your Data
We disclose personal data only when necessary and always with safeguards:
- Service Providers: payment processors, hosting, analytics, support—under Data Processing Agreements.
- Regulatory Authorities: when required by law or to protect rights (e.g. ICO, law enforcement).
- Corporate Events: merger, acquisition, or sale—subject to confidentiality and UK GDPR protections.
- Third-Party Integrations: social logins and marketing partners—with your explicit consent.
No Selling: We do not sell your personal data to third parties.
4. Data Security Measures
We apply technical and organisational safeguards to protect your personal data:
- Encryption in transit (TLS) and at rest.
- Pseudonymisation and anonymisation where feasible.
- Role-based access controls and multi-factor authentication for staff.
- Regular security audits, penetration testing, and vulnerability assessments.
- Incident response plan and procedures for breach notification within 72 hours.
5. Your Rights Under UK GDPR
You have the following rights, subject to legal exemptions:
- Access: request a copy of your personal data.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion of your personal data.
- Restriction: limit how we process your data.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interests.
- Withdraw Consent: at any time for marketing or non-essential processing.
- Complain: lodge a complaint with the Information Commissioner’s Office (ICO) if you believe we’ve breached data protection laws.
6. Cookies & Tracking Technologies
We use cookies, web beacons, and similar tools. For details, see our Cookie Policy. You can manage preferences via our banner or your browser settings.
7. Data Retention Periods
We retain personal data only as long as necessary:
- Account & profile data: until you delete your account, plus 12 months for auditing.
- Transaction records: 7 years to comply with financial and tax laws.
- Support communications: 3 years for quality improvement.
- Analytics data: anonymised indefinitely; raw logs deleted after 24 months.
8. Children’s Data
Our services are not for users under 13. We require parental consent for ages 13–16. If we discover data from a child under 13 without consent, we will delete it promptly. Parents may contact us to review, correct, or delete their child’s data.
9. International Data Transfers
Your data may be transferred outside the UK to our group entities or service providers. We ensure adequate protection through:
- UK adequacy decisions.
- Standard Contractual Clauses approved by the UK ICO.
- Binding Corporate Rules for intra-group transfers.
10. Changes to This Policy
We may update this policy to reflect legal, technical, or operational changes. When we do:
- We’ll post the revised policy here with a new “Last Updated” date.
- We’ll notify you via email or on the platform if changes are material.
Your continued use of our services after updates constitutes acceptance of the changes.