1. Data We Collect
We collect only what’s necessary to deliver our services and comply with legal obligations:
- Account Details: Username, email, hashed password.
- Profile Data: Avatar, preferences, game history.
- Transaction Data: Purchase records, billing address (for tax compliance).
- Usage & Technical Data: IP address, device/browser type, log files, crash reports.
- Support & Communications: Chat logs, support tickets.
Legal basis: We process your data under consent, contract performance, and legitimate interests (e.g., fraud prevention, service improvement) in line with Article 6 UK GDPR.
2. How We Use Your Data
We use your information for:
- Providing and improving the platform (Article 6(1)(b)).
- Processing payments and preventing fraud (Article 6(1)(b), Article 6(1)(f)).
- Sending transactional emails (account alerts, receipts).
- Marketing only with your opt-in consent (Article 6(1)(a)).
- Customising recommendations and offers.
- Ensuring security and detecting abuse.
We will never use your data for purposes beyond those disclosed without obtaining new consent.
3. Sharing & Disclosures
We limit sharing to:
- Service Providers: Payment processors (Stripe, PayPal), hosting (AWS, Cloudflare). They act as data processors under written contracts.
- Legal Obligations: Disclosure to comply with court orders or prevent crime.
- Business Transactions: In merger or sale, subject to confidentiality and data protection commitments.
We do not sell or rent your personal data to marketers.
4. International Transfers
Your data may be stored or processed outside the UK. We ensure adequate protection by:
- Using UK-approved Standard Contractual Clauses.
- Working only with providers certified under EU/UK privacy frameworks.
5. Your Rights Under UK GDPR
You have the right to:
- Access: Request a copy of your personal data.
- Rectification: Correct inaccurate or incomplete data.
- Erasure: “Right to be forgotten” where no legal requirement to retain data.
- Restriction: Temporarily limit processing if accuracy disputed.
- Portability: Receive data in a common, machine-readable format.
- Object: Stop processing based on legitimate interests or marketing.
- Withdraw Consent: At any time for consent-based processing.
To exercise these rights, contact us at privacy@plinkoframex.it.com.com. We respond within one month per ICO guidance.
6. Data Retention
- Account & Profile: Until you close the account, plus 1 year for recovery.
- Transaction Records: 7 years for tax/law compliance.
- Support Logs: 3 years to improve service quality.
After retention periods, data is securely deleted or anonymised.
7. Security Measures
To keep your data safe, we implement:
- End-to-end encryption (TLS 1.3) in transit.
- AES-256 encryption at rest for sensitive fields.
- Regular penetration tests and vulnerability scans.
- Strict access controls and employee training.
- Breach response plan with ICO notification within 72 hours if required.
8. Cookies & Tracking
We use cookies as detailed in our Cookie Policy. You control them via browser settings or our preference centre.
9. Children’s Privacy
Our services require users to be 13+. We do not knowingly collect data from under-13s. If discovered, we delete it immediately and notify guardians if needed.
10. Changes to This Policy
We may update this policy to reflect legal or operational changes. Material updates will be emailed or flagged on-site. Continued use implies acceptance.