Battlenet Gaming Stations | Stores’ Privacy Policy

Last updated: 06/16/2025

 

Protecting your personal data is a priority for us. This policy explains what data we collect, how we use it, with whom we share it and what rights you have, in accordance with the General Data Protection Regulation (GDPR – EU 2016/679).

 

 

1. What data do we collect?

During registration (the asterisk * indicates mandatory data):


– First name*, Last name*
– Date of Birth*
– Email
– Mobile Phone*
– Gender*
– Identification Details  – Photo* (taken on site)
– If you smoke

 

After registration:


– Visit history
– Time spent
– Software activity & preferences (e.g. games/programs used)

 

2. How we use your data (purpose of processing)


– Member account management & billing
– Statistical analysis of usage
– Marketing/promotions on third-party platforms
– Sending informative SMS/offers

 

3. To whom is the data shared

We may share data with third-party services for the above purposes:

– SMS Center: Name, Surname, Phone

– META (Facebook, Instagram): Phone, Email, Location

– ByteDance (TikTok): Phone, Email, Location

– Mailchimp: Name, Surname, Email

– Google: Phone, Email, Location

– Apifon: Name, Surname, Phone 

– Manychat: Name, Surname, Email, Phone

– Lancom: Name, Surname – Date of Birth, Email, Mobile Phone, Gender, Identity Details, Photo, If you smoke

– Esports Cafe PC: Name, Surname – Date of Birth, Email, Mobile Phone, Gender, Identity Details, Photo, If you smoke

 

4. Retention period

Personal data are kept only for the time necessary to fulfill the purpose of processing. After its expiration, or upon your request for deletion, they are permanently deleted or anonymized.

In case of deletion request:

– The process may include contacting the individual for identification and confirmation of the request.

– All personal information of the user is deleted from all platforms (analytics, production systems, etc.).

– Only anonymous traffic data is retained, without connection to personal information.

– For the general security of the systems and data hosted, there are backup systems that retain the data for a further period of up to 2 months from the deletion request.

 

At the end of this period, the data is automatically and completely deleted.

 

5. Your rights


According to the GDPR, you have the following rights:

– Access to your data
– Rectification or erasure
– Restriction of processing
– Objection to processing
– Data portability
– Withdrawal of consent (where applicable)

You can exercise your rights by sending an email to [email protected]

 

6. Who has access to the data?

Access to customers’ personal data is exclusively granted to individuals who need it to perform their duties, such asthe data controller who determines the purposes and means, any external processors (e.g. cloud provider, accounting firm, etc.) who process data under a contract, as well as authorized store employees exclusively under the principle of least privilege and with activity logging.

 

7. Data security


The protection of your personal data is our top priority. We take technical and organizational measures such as:

– Controlled access to databases (login & access levels)
– Graded user rights, depending on the role (e.g. store employees, central management team, marketing team, etc.)
– Recording and monitoring of suspicious login attempts
– Backups of the infrastructure, with automated deletion within a specific timeframe framework

 

8. In the event of a data breach (Data Breach)


In the event of a security breach that may lead to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data, we follow the actions provided for in accordance with the General Data Protection Regulation (GDPR):

  • Recording the incident and assessing its nature, extent and consequences.
  • Inform the competent supervisory authority (Personal Data Protection Authority) within 72 hours from the moment we become aware of the breach, if there is a risk to the rights and freedoms of natural persons.
  • Immediately take damage limitation measures, such as restoring system security or restricting access.
  • Inform data subjects (users) without undue delay, when the breach is likely to result in a significant risk to their rights (e.g. loss of data control, financial loss, etc.).
  • Review security measures and implement corrective actions to prevent future incidents.

All actions are documented internally to ensure accountability and compliance with the GDPR.