Privacy Policy
This Privacy Policy explains how BuyTheWin collects, uses, shares, stores, protects, and otherwise processes personal data when you use the website, your account, checkout, support, and related services.
1. How This Policy Fits into the BuyTheWin Legal Framework
1.1 This Privacy Policy explains how the legal entity identified on the Platform, in checkout, or in the legal notices section as the operator of BuyTheWin for the relevant service, region, or payment flow collects, uses, shares, stores, protects, and otherwise processes personal data when you visit https://buythewin.com, create an Account, place or manage an Order, communicate through chat or support, apply for a professional or partner role, interact with our marketing, or otherwise use our Services.
1.2 This Privacy Policy should be read together with the General Terms and Conditions and the Cookie Policy. If there is a direct conflict regarding personal data processing, this Privacy Policy controls for that subject matter. If the issue relates specifically to cookies or similar technologies, this Privacy Policy and the Cookie Policy apply together.
1.3 Capitalized terms used but not defined in this Privacy Policy have the meaning given to them in the General Terms and Conditions.
2. Controller and Contact Details
2.1 Unless a more specific privacy notice or checkout disclosure states otherwise, the controller of personal data processed through the Services is the legal entity identified on the Platform, in checkout, or in the legal notices section as the operator of BuyTheWin for the relevant service, region, or payment flow. Website: https://buythewin.com.
2.2 Main privacy contact: support@buythewin.com, or any dedicated privacy address published on the Platform by the relevant operator.
2.3 If we appoint or are required to appoint a DPO, EU representative, or UK representative, the relevant contact details will be published on the Platform or in a supplemental privacy notice.
3. Scope
3.1 This Privacy Policy applies to personal data processed through the website, related sub-pages, account areas, checkout and order workflows, chat and support tools, rewards or cashback features, cookie settings, marketing flows, professional or partner onboarding flows, and any related services that BuyTheWin controls.
3.2 This Privacy Policy does not apply to third-party websites, payment services, game publishers, social platforms, app stores, or other services that BuyTheWin does not own or control, even if they are linked from the Platform.
4. Categories of Personal Data We May Process
4.1 Account and login data, such as your email address, password hash, account identifier, sign-up and sign-in timestamps, verification status, and account settings.
4.2 Profile and preference data, such as language, currency, region, saved preferences, favorites, rewards or cashback participation, and other settings you choose to store.
4.3 Order and service data, such as the selected game, service type, order details, pricing, delivery parameters, service instructions, progress records, completion records, internal review records, and dispute history.
4.4 Game-related data you choose to provide, which may include in-game profile information, character information, platform identifiers, and, where required to perform a Service, account access details or other access-related instructions.
4.5 Payment and transaction data, such as billing amounts, currency, payment status, transaction identifiers, processor references, chargeback or dispute information, and limited payment metadata received from processors. We do not intentionally store full payment card numbers, CVV codes, or equivalent secret payment credentials.
4.6 Communication data, such as support tickets, order chat messages, dispute correspondence, appeal submissions, survey responses, and emails exchanged with us.
4.7 Technical and usage data, such as IP address, browser type, device information, operating system, timestamps, log data, referral source, and interactions with our website or account area.
4.8 Cookie and similar technology data, including data associated with strictly necessary, functionality, analytics, and marketing technologies in accordance with your choices and applicable law.
4.9 Marketing and attribution data, such as newsletter preferences, promotional consent records, campaign attribution data, and engagement with advertising or promotional communications.
4.10 Professional, creator, affiliate, or partner onboarding data, if you apply to become a booster, coach, seller, creator, influencer, affiliate, or another professional or partner role. This may include additional profile, onboarding, verification, performance, payout, tax, and compliance information relevant to that role.
4.11 We ask you not to share unnecessary sensitive personal data through chat, support, or order notes. Unless specifically required by law or necessary for a stated purpose, we do not intentionally seek to collect special categories of personal data.
5. How We Collect Personal Data
5.1 We collect personal data directly from you when you create an Account, sign in, place an Order, submit instructions, provide game or account identifiers, provide access information for access-based Services, communicate with support, use chat, respond to surveys, subscribe to marketing, or apply for a professional or partner role.
5.2 We collect certain data automatically when you browse or use the Services, including technical logs, cookies, and interaction data.
5.3 We may receive data from third parties when you choose to sign in using Google, Discord, or another social sign-in option, or when payment processors, fraud-prevention providers, analytics providers, advertising tools, or service partners send us data necessary to operate the Services.
5.4 In some cases, we may receive personal data from other users, affiliates, or partners if this is necessary to process a referral, resolve a dispute, investigate abuse, prevent fraud, or deliver a requested Service.
6. Why We Use Personal Data and Our Legal Bases
6.1 Where the GDPR, UK GDPR, or similar laws apply, we process personal data on the basis of contract performance, legal obligations, legitimate interests, and consent, depending on the purpose.
6.2 We use personal data to create and manage your Account, authenticate you, verify your email address, maintain access to the Platform, and administer the Services. The main legal basis is performance of a contract.
6.3 We use personal data to process Orders, coordinate delivery through assigned Service Providers or internal fulfillment personnel, administer the order lifecycle, provide order-related communications, record Proof of Completion, and handle completion, review, or dispute workflows. The main legal basis is performance of a contract.
6.4 We use personal data to process payments, detect failed or suspicious transactions, handle refunds, disputes, and chargebacks, keep accounting and tax records, and comply with legal requests. The legal bases are performance of a contract, legal obligations, and legitimate interests.
6.5 We use personal data to provide support, respond to inquiries, investigate complaints, review appeals, and resolve service issues. The legal bases are performance of a contract and legitimate interests.
6.6 We use personal data to maintain platform security, prevent fraud, abuse, account misuse, spam, and other harmful activity, conduct identity or risk reviews where appropriate, investigate possible unauthorized account use, and enforce our legal documents. The legal bases are legitimate interests and, where necessary, legal obligations.
6.7 We use personal data to analyze service quality, improve user experience, monitor website performance, develop new features, and keep records of how the Platform is used. The legal basis is legitimate interests, and where tracking depends on non-essential technologies we will rely on consent where required by law.
6.8 We use personal data to send service messages, security alerts, policy updates, and other non-marketing operational communications. The legal bases are performance of a contract and legitimate interests.
6.9 We use personal data to send newsletters, promotions, personalized offers, or other marketing communications where permitted by law. The legal basis is consent or legitimate interests where local law allows, and you may opt out at any time.
6.10 We use personal data for professional, affiliate, creator, or partner onboarding and relationship management, including verification, quality monitoring, payout administration, tax handling, and compliance checks where relevant. The legal bases depend on the context and may include contract performance, legal obligations, legitimate interests, and consent.
7. Social Sign-In, Payments, Support Tools, and Service Delivery
7.1 If you choose to sign in using Google, Discord, or another third-party provider, we may receive the basic account information that the provider makes available to us for authentication and account-linking purposes. Your use of those providers is also subject to their own privacy policies and terms.
7.2 Payments may be processed by independent third-party payment processors, including card, crypto, wallet, installment, or alternative payment providers made available at checkout. Those providers process payment information in accordance with their own notices. We typically receive transaction confirmations, payment status, limited billing metadata, fraud-screening outcomes, and similar records needed to manage Orders and comply with our obligations.
7.3 Because BuyTheWin operates an active platform workflow, we may share necessary instructions, access information, order metadata, proof materials, and delivery-related communications with the assigned Service Provider and relevant internal reviewers only to the extent reasonably necessary to fulfill the Order, investigate an issue, review completion, prevent fraud, or resolve a dispute.
7.4 Order chats, support tickets, and completion or dispute materials may be reviewed and stored for quality control, training, fraud prevention, compliance, and dispute resolution purposes.
9. International Data Transfers
9.1 We or our service providers may process or store personal data in the country where you are located, in the European Economic Area, the United Kingdom, the United States, the United Arab Emirates, or other jurisdictions where we or our service providers operate.
9.2 When personal data is transferred across borders, we take steps designed to ensure an adequate level of protection, including the use of adequacy decisions, standard contractual clauses, contractual confidentiality and security commitments, and other safeguards required by applicable law.
10. Data Retention
10.1 We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including account administration, service delivery, payment reconciliation, fraud prevention, customer support, dispute handling, legal compliance, and defense of claims.
10.2 As a general schedule, unless a longer period is required or permitted by law: account and profile data are typically retained while your Account remains active and for a reasonable period afterward for reactivation, security, fraud, and dispute purposes; order, transaction, support, and dispute records are generally retained for up to 6 years after the relevant Order or interaction; security, verification, and anti-fraud records are generally retained for up to 5 years after the relevant event; marketing consent and suppression records are generally retained until you unsubscribe or withdraw consent and for a reasonable compliance period afterward; and cookie-preference records are retained in line with the consent tool and applicable law, generally not longer than 13 months unless a different lawful period applies.
10.3 Where data is no longer required, we will delete, anonymize, or securely archive it. Aggregated or anonymized information that no longer identifies you may be retained for longer.
11. Security
11.1 We use reasonable technical, organizational, and contractual measures intended to protect personal data against unauthorized access, alteration, disclosure, destruction, and other unlawful processing. These measures may include access controls, role-based permissions, secure payment integrations, monitoring, logging, encryption in transit where appropriate, and vendor due diligence.
11.2 No method of transmission over the internet or method of electronic storage is completely secure. We therefore cannot guarantee absolute security, and you should also take steps to protect your Account credentials and devices.
12. Your Privacy Rights
12.1 Depending on your location and applicable law, you may have the right to request access to the personal data we hold about you; request correction of inaccurate or incomplete data; request deletion where deletion is available under applicable law; request restriction of processing in certain circumstances; object to processing based on legitimate interests, including direct marketing; withdraw consent at any time where processing is based on consent; request portability of certain personal data; and lodge a complaint with a competent supervisory authority.
12.2 To exercise your rights, please contact us through the privacy contact details above. We may request information necessary to verify your identity before fulfilling a request.
12.3 If you are in the EEA or UK, you may also lodge a complaint with the supervisory authority in your habitual place of residence, place of work, or the place of the alleged infringement, subject to applicable law.
13. Children's Privacy and Minors
13.1 Our Services are not directed to children under 13, and we do not knowingly collect personal data from children in violation of applicable law.
13.2 If you are below the age at which you may lawfully use the Services without parental or guardian authorization under the law that applies to you, do not use the Services unless that authorization has been properly obtained.
13.3 If you believe that a child or minor has provided personal data to us unlawfully, please contact us and we will review the matter and take appropriate action.
14. Third-Party Links, User Disclosures, and Changes to This Policy
14.1 The Services may contain links to third-party websites, payment pages, publisher websites, social platforms, or external tools. We are not responsible for the privacy practices of third parties, and you should review their privacy notices separately.
14.2 Please avoid sharing unnecessary sensitive information in chat, support messages, or other communications. If parts of the Services allow information to be displayed to other users or assigned professionals, anything you choose to disclose may be visible to those recipients to the extent necessary for service delivery.
14.3 We may update this Privacy Policy from time to time to reflect changes to our Services, operations, technologies, or legal requirements. When we make material changes, we may provide notice through the website, your Account, email, or another appropriate method. The 'Last updated' date at the top of this Privacy Policy shows when this version was last revised.
15. Contact Us
15.1 If you have questions, requests, or complaints relating to this Privacy Policy or our handling of personal data, please contact the relevant BuyTheWin operator through support@buythewin.com, through any dedicated privacy contact published on the Platform, or through the legal notices/contact details published for the relevant operator.
15.2 DPO or representative contact (if applicable): the relevant details will be published on the Platform or in a supplemental privacy notice.