We care about your privacy. This Privacy Policy explains how your personal data is collected, used, and shared when you're using our website https://xplay.gg/ (“Website”) and using xplay services (“Services”).
The processing of Personal Data is regulated by the European Union General Data Protection Regulation EU 2016/679 (hereinafter referred to as the “GDPR”) and applicable privacy laws.
Please read this Privacy Policy carefully to understand how we handle your personal data. By using the Services, you acknowledge you have read and understood the Privacy Policy and that we will collect, use and share your information as set forth below.
The data controller in respect to xplay Services is CS VIRTUAL TRADE LTD - a company duly registered under the laws of Cyprus (“xplay” or “we”).
Registration number: HE 389299.
Registered address: Spyrou Araouzou & Koumantarias, 705, Fayza House, 1st floor, 3036, Limassol, Cyprus.
Contact us anytime via:
Support online chat: available at the right bottom corner on https://xplay.gg/
Contact our Data Protection Officer for any inquiries regarding your Personal Data and for the exercise of your rights via [email protected].
By personal data or data, we mean any information capable of being associated with you as an individual, such as your name, e-mail address, or that can be connected to you indirectly, such as your language or currency choice.
We collect data directly from you or our partners. When you visit our Website we collect technical data and information about how you use the Website. We do it with the use of cookies set by us or provided by our partners. We need this data to provide you with the Website, to analyze its use, remember your settings, and personalize content and ads.
Device and Location Data:
When you visit our Website we collect the following data:
- IP address and location info (country, city, etc.)
- Device and OS information (screen size, OS, browser information)
Account Data:
We collect information about your use of the Website. The data is derived from your activity on the Website and includes such information as:
- your Website personal settings;
- your payments, refunds, subscriptions, search history;
- your activity logs;
- information you provide when you request information or support from us;
- your recommendations on how to improve our Services.
Gameplay Data:
- steam ID and FACEIT level;
- your activity logs;
- your gameplay statistics;
- chat history
When you make a purchase or request a refund within our Services you disclose your payment credentials directly to a respective payment service provider. Payment service providers process your payment data under their privacy policies.
We may receive from our payment partners and process a part of your credit card number, information about your credit card issuer. For billing purposes, we may collect your email.
If the processing of Personal Data is carried out based on your consent, you have the right to withdraw it at any time by sending us a request to [email protected] or following the instruction given in our Cookie Policy.
Our legitimate interests are:
- to develop, improve and deliver our Services;
- to make our Services known and popular in the gaming industry;
- to make the use of our Services secure for the Users;
- to prevent fraud and other illegal use of our Services.
We may combine all the information we collect from or receive about you for the outlined purposes. We may aggregate or de-identify your information and may use or share aggregated or de-identified information for any purpose, and such information is not subject to this Privacy Policy.
We do not sell Personal Data. We may disclose Personal Data to the following parties:
We store your Personal Data as necessary for providing you the Service, compliance of our legal obligations, fulfillment of our legitimate interests, or during the validity of your consent as stated in this Privacy Policy. As soon as information stops serving these purposes we delete it. After you close your account and/or upon your request we will delete and/or anonymize your Personal Data without undue delay, but no later than 30 days. We will keep some Personal Data that we are allowed or required to maintain, in such cases as:
- If there is an unresolved issue relating to your account, such as an unresolved claim and/or dispute - we will retain the necessary Personal Data until the said issue is resolved;
- Where necessary to comply with legal, tax, audit, and accounting obligations and/or any other legal obligation, we will retain the necessary Personal Data for the period required by the applicable law;
- Where necessary to fulfill our legitimate interests such as fraud prevention and/or maintenance of our Users' security.
Right to access your Personal Data - You may request a copy of your Personal Data and/or the way we store your Personal Data.
Right to rectification - you may request to change some of your Personal Data and/or correct your Personal Data if this is inaccurate.
Right to erasure - you may request to delete all or some of your Personal Data, for example, if:
- they are no longer needed for any processing purposes
- consent has been used as a legal basis for their processing
- there is no legitimate interest in the further processing of Personal Data
Right to object - you may object to the processing of your Personal Data on grounds relating to your particular situation and/or to object processing your Personal Data for direct marketing purposes.
Right to object to automated processing - you may object to a decision based on automated processing. This means that you may request to review your Personal Data manually if you believe that automated processing of your Personal Data may not consider your unique situation.
Right for data portability - you may request to provide you a copy of your Personal Data in a structured, commonly used, and machine-readable format (e.g. xml, csv). Furthermore, you have the right to request to transmit the said Personal Data directly to another controller.
Right to lodge a complaint - you have the right to lodge a complaint with a supervisory authority, in particular to the member state of the European Union of your habitual residence, place of work, or place of the alleged infringement.
If you are a California resident, you additionally may request from us the following information:
- The categories of Personal Data we have collected about you;
- The categories of sources from which the Personal Data was collected;
- The categories of Personal Data about you we disclosed for a business purpose or sold;
- The categories of third parties to whom the Personal Data was disclosed for a business purpose or sold;
- The business or commercial purpose for collecting or selling the Personal Data;
- The specific pieces of your Personal Data we have collected.
If you are a California resident under 18 years old, you may request to remove any content or information you have posted on the Services.
To exercise any of these rights please contact us via online chat or by email at [email protected]. For security purposes, before exercising any of your rights we may ask you to prove your identity.
In the past 12 months, we have collected the following categories of Personal Data listed in the CCPA:
- Identifiers, including name, email address, and online identifiers (such as IP address).
- Customer records, including credit or debit card information.
- Commercial or transaction information, including records of products or services, purchased.
- Internet activity, including interactions with the Website, or advertisements.
- Inferences, drawn from the above information about your predicted characteristics and preferences.
We do not sell Personal Data as the term “sell” is traditionally understood. Although to the extent the term “sale” is interpreted under the CCPA, the fact that we use third-party cookies may be understood as a sale. We disclose the following categories of personal information: identifiers, commercial or transaction information, internet activity, and inferences drawn to Google Analytics, Yandex.Metrica, mixpanel, Facebook, TikTok, VKontakte (Third-party services). We share Personal Data with Third-party services upon service contracts (Third-party services’ terms of use) solely for the purpose of improving the service, website functionality, and providing you personalized content and ads. If you do not want your Personal Data to be used for these purposes, press DO NOT SELL MY DATA.
A Personal Data breach may, if not addressed in an appropriate and timely manner, result in a physical, material, or non-material risk to your rights and freedoms. Therefore, as soon as we become aware that a Personal Data breach has occurred, we will notify the Personal Data Breach to the Commissioner for Personal Data Protection without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless we are able to demonstrate, following the accountability principle, that the Personal Data breach is unlikely to result in a risk to your rights and freedoms. Where such notification cannot be achieved within 72 hours, the reasons for the delay should accompany the notification without undue further delay.
We do not knowingly collect Personal Data from children, or process such information, without parental consent. For the purpose of this Privacy Policy, a child means any individual who is under 13 in the United States or under 16 in the European Union (or the minimum legal age to consent to the collection and processing of Personal Data where this is different under applicable law). If you are a parent or guardian and believe your child has provided us with personal information without consent, please contact us at [email protected].
We may transfer Personal Data to data controllers and processors established outside the European Union (the “EU”) or European Economic Area (“the EEA”) for the purposes stipulated in this Privacy Policy. The countries where the data may be transferred may not provide an adequate level of protection.
To ensure that the Personal Data is safeguarded, stored, and processed in a secured way we use Standard contractual clauses (SCC) adopted by the European Commission as a mechanism to transfer data from the EU countries. Our partners established in countries with an inadequate level of protection of personal data have adopted SCC, as appropriate, to ensure confidentiality, security, and legality of the processing of your personal data.
We may amend this Privacy Policy from time to time. We will post any changes to the Privacy Policy. By continuing to use our Services, you acknowledge that you are familiar with the updated Privacy Policy. We encourage you to review our Privacy Policy before using the Services and/or accessing the Website and promptly read the updates.