DATA PROTECTION

Data Protection Policy – ControllerHub

1. General Introduction

This Data Protection Policy describes how personal data is collected, processed, and protected in relation to services provided by our game store. As a digital and physical distribution platform for video games, gaming accessories, in-game content, subscriptions, and related products, we are committed to maintaining the confidentiality, integrity, and availability of user data. Our practices are guided by international data protection standards and aim to foster user trust through transparency and accountability.

2. Scope of Policy

This policy applies to all individuals who interact with our game store in any way, including browsing our website or mobile app, creating an account, making purchases, participating in loyalty programs, entering sweepstakes or tournaments, contacting customer service, or signing up for promotional messages. It includes both online and in-store activities wherever data is collected or processed.

3. What Data We Collect

We collect a variety of information in order to facilitate purchases, enhance the user experience, and ensure security. The types of data include:

  • Account Information: full name, email address, username, and password.
  • Contact Details: shipping address, billing address, and phone number.
  • Purchase History: items bought, purchase date, payment method (non-sensitive), and delivery status.
  • Device and Technical Data: IP address, browser version, operating system, time zone, and language settings.
  • Gaming Preferences: favorite genres, platform preferences (PC, console, mobile), wishlists, and reviews.
  • Customer Support Records: communication logs, support tickets, and feedback.
  • Behavioral Analytics: time spent on pages, navigation patterns, cart abandonment, and click behavior.

Data may be collected directly or indirectly through our systems and technology.

4. How We Collect Data

We obtain personal data through:

  • User-submitted forms: account registration, checkout, returns, or newsletters.
  • Automated systems: analytics tools, cookies, and session tracking for usability purposes.
  • Loyalty and rewards programs: collecting points or redeeming in-game content.
  • Customer support: interactions through chat, phone, or email.

Data is only collected when necessary for the functioning of our services or when the user voluntarily provides it.

5. Why We Process Your Data

Your data enables us to:

  • Process orders: verify payments, fulfill purchases, and deliver games or merchandise.
  • Provide customer support: answer questions, resolve issues, and handle returns or refunds.
  • Manage user accounts: save preferences, track activity, and update information.
  • Customize your experience: recommend products, display relevant offers, and personalize content.
  • Ensure platform security: detect fraud, prevent abuse, and protect digital rights.
  • Comply with legal obligations: retain purchase records, respond to regulatory inquiries, and enforce terms.

We process only what is relevant and proportionate to the services you use.

6. Legal Bases for Processing

We rely on the following legal bases when processing personal data:

  • Contractual Obligation: data necessary to complete transactions or deliver services.
  • Legitimate Interest: analyzing trends, improving user interface, and securing our systems.
  • User Consent: for promotional emails, marketing preferences, or optional surveys.
  • Legal Requirements: obligations related to financial reporting, tax compliance, and consumer rights.

Users may withdraw consent at any time for optional data processing.

7. Data Retention Period

We retain personal data only for as long as necessary to fulfill its intended purpose, unless a longer retention is required by law. Examples include:

  • Accounts: data retained until account deletion.
  • Orders: purchase records kept for legal and accounting compliance (e.g., 5–7 years).
  • Support Inquiries: stored for up to 2 years for reference and quality control.
  • Marketing Preferences: retained until users opt out.

When data is no longer needed, we securely delete or anonymize it.

8. Data Security Measures

We implement a range of technical and organizational measures to secure personal data:

  • Encryption: protects sensitive data in storage and transmission.
  • Access Controls: restrict access to authorized personnel only.
  • Firewall Protection: safeguards servers from unauthorized access.
  • Monitoring and Alerts: systems for detecting unusual activity.
  • Data Backup: regular backups and disaster recovery protocols.

Users are advised to keep their credentials confidential and change passwords regularly.

9. Sharing of Personal Data

We do not sell or rent personal information. However, data may be shared in limited scenarios:

  • Payment Processors: secure platforms that handle transactions without storing full payment details.
  • Shipping Partners: logistics providers receive delivery addresses and contact info to fulfill orders.
  • IT and Analytics Providers: help us maintain system performance and customer behavior insights.
  • Fraud Prevention Services: identify and mitigate suspicious activity or duplicate accounts.
  • Legal and Regulatory Authorities: in response to lawful requests or investigations.

All third parties are bound by confidentiality agreements and data protection clauses.

10. International Data Transfers

As part of our services, some data may be stored or processed in other countries. To ensure adequate protection, we apply:

  • Data protection agreements: with vendors who process data on our behalf.
  • Security assessments: of external systems or cross-border platforms.
  • Compliance with applicable laws: ensuring consistency across jurisdictions.

Your data remains subject to the same protection regardless of location.

11. User Rights

You have the following rights in relation to your personal data:

  • Right to Access: view what data we hold about you.
  • Right to Correction: amend inaccurate or incomplete data.
  • Right to Deletion: request data erasure unless legally required to retain it.
  • Right to Restriction: limit how we process certain categories of data.
  • Right to Object: stop data used for direct marketing or profiling.
  • Right to Portability: receive a copy of your data in a structured, machine-readable format.

Requests can be made through your account settings or by contacting our privacy team.

12. Children’s Data

Our game store is not intended for children under the age of 13 (or the age defined by local laws). We do not knowingly collect or process data from minors without verifiable parental consent. If such data is discovered, it will be promptly deleted.

13. Automated Decisions and Profiling

We may use algorithms to recommend games or suggest deals based on past behavior or preferences. However, we do not make decisions solely based on automated processing that produce legal or significant effects. All such systems are reviewed for fairness and accuracy.

14. Policy Updates

This Data Protection Policy may be updated to reflect technological advances, changes in legal obligations, or adjustments in our service offerings. Updates will be communicated through our website or app, and the "Last Updated" date will be revised accordingly. Continued use of our services signifies agreement with the revised terms.

15. Contact Us

If you have questions, concerns, or requests related to this Data Protection Policy or your personal data, you may contact our data privacy team at:

ControllerHub
Data Protection Office
Aviemore Drive, Highland Park, Auckland 2010, New Zealand
[email protected]

We are committed to handling all inquiries efficiently and respectfully, and we thank you for placing your trust in our game store.