Privacy Policy

DATE OF LAST REVISION: 25.06.2022

INTRODUCTION

This Privacy Policy sets out how, we, RL.Exchange being the Data Controller, are committed to safeguard your privacy and how we collect, retain, process, share and transfer your personal data when you visit the Website and/or the Application and use our Service.

This Privacy Policy does not apply to websites, applications, or services that we do not own or control.

By Personal Data or Data, we mean any information that can either identify you as an individual or that can be connected to you indirectly, that we may collect, retain, process, share, and transfer when you visit our Website and/or Application and use RL.Exchange Service.

Other capitalized terms in this Privacy Policy shall have the meanings defined in the RL.Exchange Terms of Use.

DATA CONTROLLER DETAILS

The following companies of RL.Exchange are joint controllers of Personal Data processed under this Privacy Policy. In this respect, the below companies jointly undertake the processing of the Personal Data.

Virtual Asset Empire Ltd,
13 Kypranoros Str.,
Evi Building, 1st Floor, Office 102,
1061 Nicosia, Cyprus

Under the arrangement between the companies of RL.Exchange, VIRTUAL ASSET EMPIRE LTD is responsible for exercising of the rights of the data subjects and for provision of the information to the data subjects who can use VIRTUAL ASSET EMPIRE LTD as a contact point.

DATA PROTECTION OFFICER

You may contact the Data Protection Officer of RL.Exchange with regard to all issues related to the processing of your Personal Data and to the exercise of your rights under GDPR using the following contact details:

VIRTUAL ASSET EMPIRE LTD
Email: gdpr@rl.exchange
Virtual Asset Empire Ltd, 13 Kypranoros Str., Evi Building, 1st Floor, Office 102, 1061 Nicosia, Cyprus

PERSONAL DATA WE COLLECT FROM YOU

Basic Account Data

This is the Personal Data that is provided by you or collected by us to enable you to sign up for and use the Service.

Personal Data collected from third parties

When you sign in to RL.Exchange through your Steam account we receive User data from a third party, namely, Valve Corporation. The Personal Data we receive is Steam ID, avatar, username. We will be able to identify your Steam community profile and access public information related to your Steam account, including the list of your virtual items.

Personal Data collected directly from you

Additionally, we will ask you to provide your email in order to create your account and communicate with you the latest news about our Service.

Once you sign in, your RL.Exchange Account will be automatically created and assigned with an Account ID (the "RL.Exchange ID") that is later used to reference your RL.Exchange Account without directly exposing your personal information. You also have the option to provide us with additional Personal Data in order to make your account more personalized.

Usage Data

The Personal Data collected directly and/or indirectly when you are accessing and/or using the Service via Application and/or Website are the following:

IP address and location info (country, city, etc);

Device information (screen size, OS, browser information);

OS information (name, version, language);

Information sent by you in the form of messages in the online chat with technical support. Information transmitted in support chat is confidential and protected;

Information you may provide when you pay for a virtual item purchase a product or service from us, including information necessary to process your orders with the relevant payment merchant, which may include the amount of any transaction, but will not include your financial information, which will only be submitted directly to the payment merchant under secure protocols;

Cookies. We use "Cookies", which are text files placed on your computer, and similar technologies (e.g. web beacons, pixels, ad tags and device identifiers) to help us personalize the Service for you, analyze how you use our Service, as well as improve the Service we are offering, improve marketing, analytics and/or enhance the Website and Application functionality and performance. For further information in relation to the use of cookies please visit our Cookies Policy.

Log data related to your activity on RL.Exchange Website.

Anonymous data. RL.Exchange also processes anonymous data, aggregated or not, to analyze and produce statistics related to the habits, usage patterns, and demographics of customers as a group and/or as individuals. Such anonymous data does not allow the identification of the Users to which it relates. RL.Exchange may share anonymous data, aggregated or not, with third parties.

Payment and Purchase Data

Purchase Data is the Personal Data that you provide for the purposes of signing up for our paid plans to access additional features/functionality, or to make any purchases through RL.Exchange.

The Personal Data such as your name, financial information, or cardholder data, and any other billing information, will be submitted directly to, processed, and stored by the respective Payment Service provider upon your consent to their privacy policies.

We may receive Personal Data from our payment partners such as the sum of payment to enable us to send you invoices, process your payment, and provide you with what you've purchased.

KYC Data

In the event you want to perform certain transactions on the Website or Application, you might be required to go through the KYC (Know-Your-Client) procedure, which is carried by third-party identification service provider during which it will collect from you the following information and documents:

  • First and last name;
  • Date of birth;
  • Gender
  • ID document (i.e. passport) number
  • Copy of your ID document
  • Picture of you holding ID document
  • Address
  • Utility bill
  • Citizenship
  • Residence
  • Mobile phone number

SHARING YOUR PERSONAL DATA

RL.Exchange does not sell Personal Data. RL.Exchange may disclose Personal Data to the following parties:

  • Payment processors retained by RL.Exchange to process payments of the users of the Services (these companies may be located anywhere in the world but mainly they are located in the European Union);
  • Providers of hosting, maintenance, and security services retained by RL.Exchange to run the Website (these companies may be located anywhere in the world but mainly they are located in the European Union);
  • Advertising and marketing companies that aggregate Personal Data from different sources to evaluate certain personal aspects relating to the data subject, to perform marketing research and to provide advertising and marketing services to third parties (these companies may be located anywhere in the world but mainly they are located in the European Union);
  • Government authorities including tax authorities and police (it may be government authorities of any country but mainly it is government authorities of the European Union);
  • Companies providing analytic services such as Google Analytics.
  • Valve Corporation in order to perform your exchanges, sales and purchases;
  • The companies of RL.Exchange when it is necessary to perform the contract to which the data subject is a party.

DATA RETENTION

RL.Exchange stores and processes your Personal Data as long as your account exists or as necessary for the operation of our Service, the compliance of our legal and contractual obligations and the protection of its legitimate interests, or during the validity of your consent as stated in this Privacy Policy. After you close your account and/or upon your request we will delete and/or anonymize your Personal Data without undue delay, but not later than 30 day, so that it no longer identifies you, unless we are legally allowed or required to maintain certain Personal Data, including the following:

  • If there is an unresolved issue relating to your account, such as an outstanding credit on your account and/or an unresolved claim and/or dispute we will retain the necessary Personal Data until the said issue is resolved;
  • Where we need to retain the Personal Data for our legal, tax, audit, and accounting obligations and/or any other legal obligation, we will retain the necessary Personal Data for the period required by the applicable law;
  • Where necessary for the purpose of our legitimate business interests such as fraud prevention and/or to maintain the security of our Users.

YOUR RIGHTS

Right to access your Personal Data

You have the right to enquire to be provided with a copy of your Personal Data and/or the way that we store your Personal Data and/or erase your Personal Data by sending us a written request in any way possible.

Right to rectification

You have the right to ask us to change some of your Personal Data or contact us with a request to change and/or correct your Personal Data if this is inaccurate.

Request to erasure of Personal Data

You have the right to request us to delete all or some of your Personal Data, for example, if:

  • They are no longer needed for any processing purposes;
  • Consent has been used as a legal basis for their processing;
  • There is no legitimate interest for the further processing of Personal Data;
  • They were used for marketing purposes.

Right to object

The right, at any time, to object to us processing your personal data on grounds relating to your particular situation;

The right to object to your personal data being processed for direct marketing purposes.

Right to object to automated processing

You have the right to object to a decision based on automated processing. Using this right, you may request us to review your Personal Data manually, because you believe that automated processing of your Personal Data may not consider the unique situation.

Right for data portability

You have the right to request us to provide you with a copy of your Personal Data in a structured, commonly used and machine-readable format (e.g. xml, csv). Furthermore, you have the right to request us to transmit the said Personal Data directly to another controller.

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, in particular to the member state of the European Union of your habitual residence, place of work or place of the alleged infringement.

To exercise any of the rights please contact us via email: gdpr@rl.exchange.

PERSONAL DATA BREACH

A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or non-material risk to your rights and freedoms. Therefore, as soon as we become aware that a personal data breach has occurred, we will notify the personal data breach to the Commissioner for Personal Data Protection without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless we are able to demonstrate, in accordance with the accountability principle, that the personal data breach is unlikely to result in a risk to your rights and freedoms. Where such notification cannot be achieved within 72 hours, the reasons for the delay should accompany the notification without undue further delay.

CHILDREN'S PRIVACY

Our Service is strictly restricted to Users who are 16 years of age or older. We do not knowingly collect or solicit Personal Data from any User under the age of 16 or knowingly allow such persons to use our Service. If we find out that we have collected the Personal Data of a User under the age of 16, we will delete the account and respective Personal Data as quickly as possible in accordance with the applicable legislation. If you are a parent or legal guardian and believe that we might have collected and/or processed any Personal Data from or about a child under the age of 16, please contact us. A child for the purposes of this Privacy Policy, means any person who is under the age of 16.

CROSS-BORDER DATA TRANSFER

RL.Exchange may transfer Personal Data to data controllers and processors established outside the European Union (the "EU") or European Economic Area ("the EEA") for the purposes stipulated in this Privacy Policy.

We have included in our agreements with data controllers and processors located outside the EU or EEA issued by the European Commission regulating the transfer and processing of Personal Data in order to ensure that the Personal Data is safeguarded, stored and processed in a secured way.

In this respect, we use Standard contractual clauses (SCC) adopted by the European Commission as a mechanism to transfer data from the EU countries. Organizations engaged in the processing of personal data on behalf of RL.Exchange have adopted SCC, as appropriate, in order to ensure confidentiality, security, and legality of the processing of your personal data.

CHANGES TO THIS PRIVACY POLICY

We may amend this Privacy Policy from time to time. We will post any changes in relation to the Privacy Policy and, if the changes are significant, we will notify you accordingly by email. We encourage you to review our Privacy Policy before using the Service and/or access the Website and/or the Application.