The processing of Personal Data is regulated by the European Union General Data Protection Regulation EU 2016/679 (hereinafter referred to as the “GDPR”) and applicable privacy laws.
The data controller in respect to xplay Services is CS Virtual Trade Ltd - a company duly registered under the laws of Cyprus (“xplay” or “we”). Registration number: HE 389299 Registered address: Spyrou Araouzou & Koumantarias, 705, Fayza House, 1st floor, 3036, Limassol, Cyprus.
Contact us anytime via e-mail: [email protected]
Contact our Data Protection Officer for any inquiries regarding your Personal Data and for the exercise of your rights via [email protected]
By personal data or data, we mean any information capable of being associated with you as an individual, such as your name, e-mail address, or that can be connected to you indirectly, such as your language or currency choice.
Device and Location Data:
When you visit our Website we collect the following data:
- IP address and location info (country, city, etc.)
- Device and OS information (screen size, OS, browser information)
We collect information about your use of the Website. The data is derived from your activity on the Website and includes such information as:
- your Website personal settings;
- your payments, refunds, subscriptions, search history;
- your activity logs;
- information you provide when you request information or support from us;
- your recommendations on how to improve our Services.
- steam ID and FACEIT level;
- your activity logs;
- your gameplay statistics;
- chat history
When you make a purchase or request a refund within our Services you disclose your payment credentials directly to a respective payment service provider. Payment service providers process your payment data under their privacy policies.
We may receive from our payment partners and process a part of your credit card number, information about your credit card issuer. For billing purposes, we may collect your email.
Our legitimate interests are:
- to develop, improve and deliver our Services;
- to make our Services known and popular in the gaming industry;
- to make the use of our Services secure for the Users;
- to prevent fraud and other illegal use of our Services.
We do not sell Personal Data. We may disclose Personal Data to the following parties:
- If there is an unresolved issue relating to your account, such as an unresolved claim and/or dispute - we will retain the necessary Personal Data until the said issue is resolved;
- Where necessary to comply with legal, tax, audit, and accounting obligations and/or any other legal obligation, we will retain the necessary Personal Data for the period required by the applicable law;
- Where necessary to fulfill our legitimate interests such as fraud prevention and/or maintenance of our Users' security.
Right to access your Personal Data - You may request a copy of your Personal Data and/or the way we store your Personal Data.
Right to rectification - you may request to change some of your Personal Data and/or correct your Personal Data if this is inaccurate.
Right to erasure - you may request to delete all or some of your Personal Data, for example, if:
- they are no longer needed for any processing purposes
- consent has been used as a legal basis for their processing
- there is no legitimate interest in the further processing of Personal Data
Right to object - you may object to the processing of your Personal Data on grounds relating to your particular situation and/or to object processing your Personal Data for direct marketing purposes.
Right to object to automated processing - you may object to a decision based on automated processing. This means that you may request to review your Personal Data manually if you believe that automated processing of your Personal Data may not consider your unique situation.
Right for data portability - you may request to provide you a copy of your Personal Data in a structured, commonly used, and machine-readable format (e.g. xml, csv). Furthermore, you have the right to request to transmit the said Personal Data directly to another controller.
Right to lodge a complaint - you have the right to lodge a complaint with a supervisory authority, in particular to the member state of the European Union of your habitual residence, place of work, or place of the alleged infringement.
If you are a California resident, you additionally may request from us the following information:
- The categories of Personal Data we have collected about you;
- The categories of sources from which the Personal Data was collected;
- The categories of Personal Data about you we disclosed for a business purpose or sold;
- The categories of third parties to whom the Personal Data was disclosed for a business purpose or sold;
- The business or commercial purpose for collecting or selling the Personal Data;
- The specific pieces of your Personal Data we have collected.
If you are a California resident under 18 years old, you may request to remove any content or information you have posted on the Services.
To exercise any of these rights please contact us via online chat or by email at [email protected] For security purposes, before exercising any of your rights we may ask you to prove your identity.
In the past 12 months, we have collected the following categories of Personal Data listed in the CCPA:
- Identifiers, including name, email address, and online identifiers (such as IP address).
- Customer records, including credit or debit card information.
- Commercial or transaction information, including records of products or services, purchased.
- Internet activity, including interactions with the Website, or advertisements.
- Inferences, drawn from the above information about your predicted characteristics and preferences.
A Personal Data breach may, if not addressed in an appropriate and timely manner, result in a physical, material, or non-material risk to your rights and freedoms. Therefore, as soon as we become aware that a Personal Data breach has occurred, we will notify the Personal Data Breach to the Commissioner for Personal Data Protection without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless we are able to demonstrate, following the accountability principle, that the Personal Data breach is unlikely to result in a risk to your rights and freedoms. Where such notification cannot be achieved within 72 hours, the reasons for the delay should accompany the notification without undue further delay.
To ensure that the Personal Data is safeguarded, stored, and processed in a secured way we use Standard contractual clauses (SCC) adopted by the European Commission as a mechanism to transfer data from the EU countries. Our partners established in countries with an inadequate level of protection of personal data have adopted SCC, as appropriate, to ensure confidentiality, security, and legality of the processing of your personal data.