The protection of your data is of utmost importance to us. We have established security and confidentiality rules to ensure the best possible protection of your data. We need to collect certain information when you order. However, personal data is not collected without your prior consent.
These rules apply to all employees of the company.
Website Privacy Notice
- About Us
This website is operated by PYBE OÜ, a private company incorporated under the laws of Estonia with registration number 16150380 and whose registered office is located at Sepapaja tn 6 Tallinn Harjumaa 15551 Estonia (“Lexup”, “we”, “us”, “our”).
The www.Lexup.com website and our mobile applications (“Website”) contain a variety of digital content, for example downloadable game titles and other downloadable content (“Content”). We sell official keys on the Website, issued by the publisher and/or developer of the relevant Content (“Developer”), which allow the user to unlock, access and download the relevant Content from the Developer’s platform (“Code(s)”). We are not the Developer of the Content and we do not own or operate the Developer’s platform.
- To whom does this privacy notice apply?
This privacy notice applies to people who access, browse and use our website. Its purpose is to give you information about how we collect and process your personal data when you use the website. We collect personal data when you access our website, when you register on our website, when you contact us, when you send us feedback and product reviews, when you purchase Codes and other products on our website, when you post materials on our website, when you request marketing updates, and when you participate in promotions, surveys, affiliate or partner programs on our website.
If you are a partner of Lexup, this privacy notice applies to you as it does to any other user of the website. However, we will also process certain personal data about you in order to perform our partnership agreement with you.
It is important that you read this privacy notice and any other privacy notice or fair processing policy we may provide on specific occasions when we collect or process personal data about you, so that you know how and why we use your personal data.
- Links to third parties
- Types of personal data we process
“Personal data” is information about an individual from which that person can be identified. It does not include data where the identity of the individual has been removed (anonymised data).
Throughout this privacy notice, we use the term “processing” to refer to all activities involving your personal data, including collecting, processing, storing, sharing, accessing, using, transferring, deleting and destroying such data.
The personal data we collect about you depends on the particular activities carried out on our website. For example, we collect different types of personal data depending on whether you create a user account, purchase Codes/Comptess or simply browse the website. In general, we collect and process the following types of personal data:
Identity and contact data includes your name, postal address, email address, date of birth and any personal data provided when you contact us and, in the case of instant game partners, any personal data provided in connection with our partnership;
Financial data includes information necessary for payment processing and fraud prevention and, in the case of instant play partners, all billing information. If you pay us by payment card, this data includes payment card numbers, cardholder name(s), Security Code numbers and expiry dates. For all payment types, we will process payment data received from your payment card issuer or the provider of your chosen payment method;
Transaction Data includes details of payments you have made and other details of products and services you have purchased from us and, in the case of instant play partners, personal data relating to the administration, management and performance of our business relationship;
Technical Data may include Internet Protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technologies on the devices you use to access our website;
Usage data includes information about how you use the website, such as the services you view or search for, page response times, download errors, length of visits and page interaction information (such as scrolling, clicks and mouse-over); and
Marketing and communications data includes your preferences for receiving marketing communications from us and your communication preferences.
We also collect, use and share aggregated data such as statistical or demographic data for various purposes. Aggregate data may be derived from your personal data but is not considered personal data in law because it does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data in a way that directly or indirectly identifies you, we treat the combined data as personal data to be used in accordance with this privacy notice.
We do not collect special categories of personal data about you (this includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership; genetic data; biometric data for the purpose of uniquely identifying an individual or data concerning health or sexual orientation). We also do not collect information on criminal convictions and offences. Please do not provide on the website or in any communication with us any special categories of personal data and/or personal data relating to criminal convictions and offences about you; or any personal data about any other person.
Where we are required to collect personal data by law or under the terms of a contract we have with you (for example, under our terms of sale) and you do not provide such personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you. We will inform you, at the time of collection of your personal data, whether you are required to provide such personal data to use the website or any of our services, and whether the provision of the personal data we request from you is optional.
- How your personal data is received
We may receive your personal data in a number of ways, including the following
Direct Interactions: You may provide us with your Identity and Contact Data, Profile Data, Financial Data and Transaction Data by creating and managing your user account, purchasing Codes/Comptess, using IG Credits and gift cards, selecting preferences, providing product reviews, filling out website forms, sharing product details or corresponding with us by post, telephone, email, SMS, social media or otherwise. This includes personal data you provide when you enter a competition, promotion or survey, give us feedback or contact us.
Automated technologies or interactions: When you interact with our website, we collect Technical Data and Usage Data, including your device details, browsing actions and patterns, searches, sections viewed, traffic data, web logs and other communication data and the resources you access. We collect this personal data using cookies, tracking codes/counters, server logs and other similar technologies. We may also receive technical data if you visit other websites using our cookies.
Third Party Sources: We may also receive Personal Data about you from third parties as set out below:
(a) Transaction Data from developers, confirming the redemption of Codes/Comptess that you purchase from us.
(b) Technical data from our analytics provider, Google Analytics.
(c) Identity and contact data, financial data and transaction data from payment service providers such as PayPal, HiPay and Paysafecard.
(d) Identity and contact data, profile data, financial data and transaction data from Transactial Limited, our Irish subsidiary which provides various services related to the purchase and redemption of Codes/Comptess, including payment processing according to the payment method selected at the time of purchase of Codes/Comptess, customer services and technical support.
(e) Identity and contact data from public sources such as a company register.
(f) Identity and contact data (your email address and name) when you log in using Facebook or Google services.
- How we use your personal data
In general, we do not rely on consent as a legal basis for processing your personal data, but we will ask for your consent before sending you direct marketing communications by email, SMS or other electronic means.
Marketing: We want to send you information about our services, upcoming game releases, pre-orders and offers, which may be of interest to you. Where we have your consent or it is in our legitimate interest to do so, we may do so by email and/or mobile push notifications.
If you have previously agreed to be contacted in this way, you can unsubscribe at any time by using the “unsubscribe” link in emails, by changing your notification settings on your mobile device or by contacting us using the information in section 13 below. You can also manage your personal data associated with your user account via the settings page.
If you agree, as part of our cookies, we will use certain technologies that allow us to see whether updates and other communications we send you have been viewed and read. As explained in section 6 above, we use this information in our legitimate interests to develop our products and services, direct marketing and business growth.
- Disclosure of your personal data
Except as set out in this Privacy Notice, we do not disclose to any third party any personal data that we collect from you or that you provide to us. We may share personal data with the parties listed below for the purposes set out in section 6 above.
Internal Third Parties: Companies within our group of companies (i.e. a parent company, a subsidiary and/or a parent company of another subsidiary) to assist us in providing our services. For example, our Irish-based subsidiary, Transactial Limited, assists us in processing your payments (depending on the payment method you have chosen for Codes/Comptess), customer services, technical support, managing cancellation rights and, where applicable, issuing refunds or other payments.
External third parties: Companies that provide products and services to us such as professional advisors, computer systems and support providers, data storage, computer developers, analytics companies, website hosting providers and other service providers.
Public and Governmental Authorities: Entities that regulate or have jurisdiction over us. We will disclose personal data to comply with any legal obligation, if ordered to do so by a court of competent jurisdiction, law enforcement, regulatory or administrative authority, or to enforce a contract with you or to protect our rights, property or safety and/or those of our staff, website users and others.
Business Activity: Third parties to whom we may choose to sell, transfer or merge parts of our business or assets. We may also seek to acquire or merge with other businesses. If there is a change in our business, the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to whom we disclose the personal data we collect under this privacy notice to respect the security of the personal data and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes and only allow them to process your personal data for specific purposes and in accordance with our instructions. Unless prohibited by applicable law, we will inform you when your personal data may be provided to third parties in a manner other than that explained above, and you will be given the opportunity to prevent such sharing at the time we inform you.
- International Transfers
We are located in Dubai and your personal data will therefore be received and processed by us in Dubai. It may be necessary for us to disclose some of your personal data to our trusted suppliers who provide us with products and services that help us provide our services to you. Our trusted suppliers are located in the European Economic Area. We will ensure that any international transfer of your personal data complies with applicable laws.
- Updating your personal data
It is important that the personal data we hold about you is accurate and up-to-date. Please keep us informed, using your user account settings page, if any of your personal data changes during your relationship with us. You can also contact us using the information provided in section 13 below to update your personal data.
- Data security
We have security measures in place to prevent personal data from being accidentally lost, used or accessed in an unauthorised manner. We limit access to your personal data to those who have a genuine business need to know. Those who process your personal data do so only in an authorised manner and are subject to confidentiality obligations. You acknowledge that no entity can ensure the complete security of personal data. If you have reason to believe that any of your personal data is no longer secure, please notify us immediately by contacting us using the information provided in section 13 below.
- Data retention
We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes for which we collected it, including to meet any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a claim or if we reasonably believe that there is a prospect of legal dispute regarding our relationship with you. In determining the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes by other means, and any applicable legal, regulatory, tax, accounting or other requirements.
- Your legal rights
In certain circumstances, under the law, you may have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This allows you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
Request correction of the personal data we hold about you. This allows you to have incomplete or inaccurate personal data we hold about you corrected.
Request the deletion of your personal data. This allows you to ask us to delete or erase personal data where we have no valid reason to continue processing it. You also have the right to ask us to erase or delete your personal data where you have exercised your right to object to processing (see below), where we may have processed your personal data unlawfully, or where we are required to erase your personal data to comply with local law. We may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
To object to the processing of your personal data where we rely on a legitimate interest (or those of a third party) and there is an element of your particular circumstances which causes you to object to the processing on this ground, as you consider it to impact on your fundamental rights and freedoms. You also have the right to object when we process your personal data for direct marketing purposes. In some cases, we can demonstrate that we have compelling legitimate grounds for processing your personal data that override your rights and freedoms.
Requesting the restriction of the processing of your personal data. This allows you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the accuracy of the data; (b) where our use of the personal data is unlawful but you do not want us to delete it; (c) where you need us to retain the personal data even if we no longer need it because you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds for using it.
Request the transfer of your personal data to you or a third party. This allows you to request that we provide you, or a third party you have chosen, with your personal data in a structured, commonly used and machine-readable format. Note that this right only applies to automated information that you initially consented to us using or where we have used the personal data to perform a contract with you.
Right to withdraw consent: If you give your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you wish to withdraw your consent, we will take steps to ensure that we no longer process your personal data for the purpose(s) you originally consented to, unless we have another legitimate basis for doing so in law. Withdrawal of consent will not affect the lawfulness of the processing based on the consent prior to the withdrawal.
In order to exercise one or more of your rights in relation to your personal data, please contact us in writing using the information provided in section 13 below. You will need to provide us with information that identifies you in our records, we will also need proof of your identity and address, and the information to which your request relates.
Please note that your user account settings page allows you to update, manage and upload some of your personal data, as well as deactivate your user account and delete [all] personal data associated with your user account.
You have the right to lodge a complaint with the data protection supervisory authority. However, we would appreciate the opportunity to address your concerns before you contact the supervisory authority and therefore request that you contact us in the first instance using the information provided in section 13 below.
- Contacting us
If you have any questions regarding this privacy notice, including any requests to exercise your legal rights, please contact us via the support and contact links on the website or by logging into your user account and logging into your user account.
- Changes to this privacy notice
We will amend this Privacy Notice from time to time and any changes will be contained in a revised Privacy Notice posted on the Website. This version of the privacy notice was last updated on 15 February 2022 and historical versions can be obtained by contacting us using the information in section 13 above.