DATE OF LAST REVISION: 25.06.2022
By Personal Data or Data, we mean any information that can either identify you as an individual or that can be connected to you indirectly, that we may collect, retain, process, share, and transfer when you visit our Website and/or Application and use RL.Exchange Service.
DATA CONTROLLER DETAILS
Virtual Asset Empire Ltd,
13 Kypranoros Str.,
Evi Building, 1st Floor, Office 102,
1061 Nicosia, Cyprus
Under the arrangement between the companies of RL.Exchange, VIRTUAL ASSET EMPIRE LTD is responsible for exercising of the rights of the data subjects and for provision of the information to the data subjects who can use VIRTUAL ASSET EMPIRE LTD as a contact point.
DATA PROTECTION OFFICER
You may contact the Data Protection Officer of RL.Exchange with regard to all issues related to the processing of your Personal Data and to the exercise of your rights under GDPR using the following contact details:
VIRTUAL ASSET EMPIRE LTD
Virtual Asset Empire Ltd, 13 Kypranoros Str., Evi Building, 1st Floor, Office 102, 1061 Nicosia, Cyprus
PERSONAL DATA WE COLLECT FROM YOU
Basic Account Data
This is the Personal Data that is provided by you or collected by us to enable you to sign up for and use the Service.
Personal Data collected from third parties
When you sign in to RL.Exchange through your Steam account we receive User data from a third party, namely, Valve Corporation. The Personal Data we receive is Steam ID, avatar, username. We will be able to identify your Steam community profile and access public information related to your Steam account, including the list of your virtual items.
Personal Data collected directly from you
Additionally, we will ask you to provide your email in order to create your account and communicate with you the latest news about our Service.
Once you sign in, your RL.Exchange Account will be automatically created and assigned with an Account ID (the "RL.Exchange ID") that is later used to reference your RL.Exchange Account without directly exposing your personal information. You also have the option to provide us with additional Personal Data in order to make your account more personalized.
The Personal Data collected directly and/or indirectly when you are accessing and/or using the Service via Application and/or Website are the following:
IP address and location info (country, city, etc);
Device information (screen size, OS, browser information);
OS information (name, version, language);
Information sent by you in the form of messages in the online chat with technical support. Information transmitted in support chat is confidential and protected;
Information you may provide when you pay for a virtual item purchase a product or service from us, including information necessary to process your orders with the relevant payment merchant, which may include the amount of any transaction, but will not include your financial information, which will only be submitted directly to the payment merchant under secure protocols;
Log data related to your activity on RL.Exchange Website.
Anonymous data. RL.Exchange also processes anonymous data, aggregated or not, to analyze and produce statistics related to the habits, usage patterns, and demographics of customers as a group and/or as individuals. Such anonymous data does not allow the identification of the Users to which it relates. RL.Exchange may share anonymous data, aggregated or not, with third parties.
Payment and Purchase Data
Purchase Data is the Personal Data that you provide for the purposes of signing up for our paid plans to access additional features/functionality, or to make any purchases through RL.Exchange.
The Personal Data such as your name, financial information, or cardholder data, and any other billing information, will be submitted directly to, processed, and stored by the respective Payment Service provider upon your consent to their privacy policies.
We may receive Personal Data from our payment partners such as the sum of payment to enable us to send you invoices, process your payment, and provide you with what you've purchased.
In the event you want to perform certain transactions on the Website or Application, you might be required to go through the KYC (Know-Your-Client) procedure, which is carried by third-party identification service provider during which it will collect from you the following information and documents:
- First and last name;
- Date of birth;
- ID document (i.e. passport) number
- Copy of your ID document
- Picture of you holding ID document
- Utility bill
- Mobile phone number
SHARING YOUR PERSONAL DATA
RL.Exchange does not sell Personal Data. RL.Exchange may disclose Personal Data to the following parties:
- Payment processors retained by RL.Exchange to process payments of the users of the Services (these companies may be located anywhere in the world but mainly they are located in the European Union);
- Providers of hosting, maintenance, and security services retained by RL.Exchange to run the Website (these companies may be located anywhere in the world but mainly they are located in the European Union);
- Advertising and marketing companies that aggregate Personal Data from different sources to evaluate certain personal aspects relating to the data subject, to perform marketing research and to provide advertising and marketing services to third parties (these companies may be located anywhere in the world but mainly they are located in the European Union);
- Government authorities including tax authorities and police (it may be government authorities of any country but mainly it is government authorities of the European Union);
- Companies providing analytic services such as Google Analytics.
- Valve Corporation in order to perform your exchanges, sales and purchases;
- The companies of RL.Exchange when it is necessary to perform the contract to which the data subject is a party.
- If there is an unresolved issue relating to your account, such as an outstanding credit on your account and/or an unresolved claim and/or dispute we will retain the necessary Personal Data until the said issue is resolved;
- Where we need to retain the Personal Data for our legal, tax, audit, and accounting obligations and/or any other legal obligation, we will retain the necessary Personal Data for the period required by the applicable law;
- Where necessary for the purpose of our legitimate business interests such as fraud prevention and/or to maintain the security of our Users.
Right to access your Personal Data
You have the right to enquire to be provided with a copy of your Personal Data and/or the way that we store your Personal Data and/or erase your Personal Data by sending us a written request in any way possible.
Right to rectification
You have the right to ask us to change some of your Personal Data or contact us with a request to change and/or correct your Personal Data if this is inaccurate.
Request to erasure of Personal Data
You have the right to request us to delete all or some of your Personal Data, for example, if:
- They are no longer needed for any processing purposes;
- Consent has been used as a legal basis for their processing;
- There is no legitimate interest for the further processing of Personal Data;
- They were used for marketing purposes.
Right to object
The right, at any time, to object to us processing your personal data on grounds relating to your particular situation;
The right to object to your personal data being processed for direct marketing purposes.
Right to object to automated processing
You have the right to object to a decision based on automated processing. Using this right, you may request us to review your Personal Data manually, because you believe that automated processing of your Personal Data may not consider the unique situation.
Right for data portability
You have the right to request us to provide you with a copy of your Personal Data in a structured, commonly used and machine-readable format (e.g. xml, csv). Furthermore, you have the right to request us to transmit the said Personal Data directly to another controller.
Right to lodge a complaint
You have the right to lodge a complaint with a supervisory authority, in particular to the member state of the European Union of your habitual residence, place of work or place of the alleged infringement.
To exercise any of the rights please contact us via email: firstname.lastname@example.org.
PERSONAL DATA BREACH
A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or non-material risk to your rights and freedoms. Therefore, as soon as we become aware that a personal data breach has occurred, we will notify the personal data breach to the Commissioner for Personal Data Protection without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless we are able to demonstrate, in accordance with the accountability principle, that the personal data breach is unlikely to result in a risk to your rights and freedoms. Where such notification cannot be achieved within 72 hours, the reasons for the delay should accompany the notification without undue further delay.
CROSS-BORDER DATA TRANSFER
We have included in our agreements with data controllers and processors located outside the EU or EEA issued by the European Commission regulating the transfer and processing of Personal Data in order to ensure that the Personal Data is safeguarded, stored and processed in a secured way.
In this respect, we use Standard contractual clauses (SCC) adopted by the European Commission as a mechanism to transfer data from the EU countries. Organizations engaged in the processing of personal data on behalf of RL.Exchange have adopted SCC, as appropriate, in order to ensure confidentiality, security, and legality of the processing of your personal data.