Privacy policy last time updated: January 17th, 2025

Note: The terms encountered throughout the text of this policy are used in the same way as they specified in Terms and Conditions.

DRIFTBAY LIMITED
Address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

Registration number: 16160254

DRIFTBAY respects the right of its clients and takes responsibility by keeping private data confidential. We pledge to provide security and safety for any data we receive and to store and use it in compliance with the current legislation.

To find what data we collect and how we use it, please read our Privacy Policy.

When creating an account or order you provide personal information and agree to us collecting and processing your personal data by accepting the terms and conditions listed in our Terms and Conditions and the Privacy Policy. Any provision of the current document is only valid on the DRIFTBAY website and associating resources.

1. Information we may collect from you

1.1. Once you interact with the website, such as register your personal account on the Website and use our services via a browser on another electronic device, the Personal Data begins to be automatically obtained:

a.1) obligatory regarding:

• The e-mail address,
• The date and time of registration, the date and time of authorization on the Website and the details of visits to our site, including access time,
• The source of arrival on the Website,
• The country, region and city,
• The password and the Username,
• The IP address,
• Records of correspondence (including any further information we may request from you) when you contact us to request information, report a problem, or provide feedback on our services,
• The financial information* you provide during an order, or other transaction and order-based content that you generate or that is connected to your account as a result of a transaction and the appropriate order you are involved in (credit and debit card partial number, the number of e-Wallet (if applicable) and related e-mail number for e-Wallet (if applicable).

*Please pay your attention to the following: we DO NOT STORE, DO NOT SELL AND DO NOT HAVE AN ACCESS to your card expiry date, billing address and CV code. For Visa cards we DO NOT HAVE A FULL ACCESS to the card number (e.g. 1234 5678 **** **00).

a.2) optionally:

• The data necessary for accessing respective Game account,
• The telephone number,
• The Name and the Surname,
• The time zone,
• The Userpic. 

You may also provide us with other information through your personal account on the Website by updating or adding information, through your participation in community discussions, online chats, dispute resolution, or when you otherwise communicate with us regarding our services.

1.2. We also gather certain information in connection to your interaction with our services automatically and store it in log files. This information may include:

• Internet protocol (IP) addresses, cookies, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data, device ID or unique identifier, device type, ID for advertising, and unique device token.
• Location information.
• Computer and connection information such as statistics on your page views, traffic to and from the sites, referral URL, ad data, your IP address, your browsing history, and your web log information.

2. Cookies and similar technologies

We use Cookies, Web beacons and another similar technologies to gather information about the webpages you view, the links you click and other actions you may take when using the Website. “Cookies” are small text files stored by your web browser when you use websites. For non-essential cookies, your explicit consent is required. For more information about using Cookies and how you can control Cookies please review our Cookies Policy.

3. For what purposes we use your Personal Data?

3.1. We collect and use your Personal Data with your consent to provide you with access to the Website and our services, contact you about your account and our services, and to detect, prevent, mitigate and investigate fraudulent or illegal activities. The personal information you submit to us may be used to manage our relationship with you, including any of your requests, or to customize or improve the Website and related services offered to you. In particular, but not limited to, we may gather your Personal Data for:

• verifying your identity;
• verifying your eligibility to become a client;
• processing your registration as a user, and maintaining and managing your registration;
• providing you with customer service and responding to your inquiries, claims or disputes;
• assessing account security and transaction risks of users, detecting and preventing fraud and other security incidents;
• personalizing our communication with users based on the order history and browser records, and performing research or statistical analysis in order to customize and improve the content and layout of the Website;
• internal record keeping, billing, accounting and market research purposes;
• developing and marketing our services in accordance with applicable laws;
• providing you location based services (such as advertising, search results, and other personalized content based on your general location information);
• notifying you about important functionality changes and alterations to the Website 

3.2. Subject to user’s prior consent cookies or other similar technologies may be used to provide you by electronic means with advertising and promotion materials based upon your browsing activities and interests. You may at any time request that we discontinue sending you advertising and promotion materials, emails or other correspondence.

3.3. When we believe it is necessary to comply with applicable laws or to exercise or defend our legal rights or protect your legal interests or those of any third party, we may also disclose and transfer your Personal Data to our professional advisers, law enforcement agencies, insurers, government and regulatory authorities and other organizations, courts, pre-trial investigation institutions, or as otherwise required or permitted by applicable laws.

3.4. Personal Data collected for the purposes specified in this Privacy Policy shall not be processed in any way incompatible with these legitimate purposes or legal requirements: your Personal Data is used only for above mentioned purposes, unless it is required or permitted by law.

4. Ways you can control processing and profiling of your Personal Data

For the purposes of this provision the following definitions will be used:

«Controller» means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

Your Personal Data Controller is DRIFTBAY LIMITED a company registered in the United Kingdom under registration number 16160254, having its registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ). If you have any requests, questions or concerns about our use of your Personal Data and this Privacy Policy, please contact us at info@mywarcraft.store. The person submitting the request must clearly indicate their full name and add a copy of his/her personal identification document or sign the request electronically.

The Controller is responsible for the collection, use, disclosure, retention and protection of your personal information.

«Processor» means a natural or legal person, public Authority, agency or other body which processes Personal Data on behalf of the controller. Being a Data Subject, each user has the following rights:

4.1. The right of access to data

The right to obtain from the controller confirmation as to whether or not Personal Data concerning you are being processed, and, where that is the case, access to the Personal Data and the information about the purposes of the processing; the categories of Personal Data concerned; the recipients or categories of recipient to whom the Personal Data have been or will be disclosed; to obtain from DRIFTBAY a copy of the Personal Data undergoing processing in accordance with the applicable law; the existence of automated decision-making, including profiling.

If any further copies of the Personal Data undergoing processing were requested, the Controller may charge a reasonable fee based on administrative costs.

4.2. The right of rectification

the right to obtain from the Controller the rectification of inaccurate Personal Data concerning the User or to have the incomplete Personal Data completed by providing a relevant request.

4.3. The right to be forgotten / to erasure

the right to obtain from the Controller the erasure of Personal Data concerning the User. Please note that the Controller shall have the obligation to erase Personal Data in the case of one of the following grounds applies:

• the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• the User withdraws consent on which the processing is based and where there is no other legal ground for the processing;
• the User objects to the processing and there are no overriding legitimate grounds for the processing;
• the Personal Data have been unlawfully processed;
• the Personal Data have to be erased for compliance with a legal obligation of the law to which the Controller is subject.

4.4. The right to restriction of processing

the right to obtain from the Controller restriction of processing where one of the following applies:

• the accuracy of the Personal Data is contested by the User;
• the processing is unlawful and the User opposes the erasure of the Personal Data and requests the restriction of their use instead;
• the Controller no longer needs the Personal Data for the purposes of the processing, but they are required by the User for the establishment, exercise or defense of legal claims;
• the User has objected to processing (including profiling)* pending the verification whether the legitimate grounds of the Controller override those of the data subject.

*if processing is necessary for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by the Controller or by a third party

4.5. The right to object

the right to object to the processing of the Personal Data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing. The Controller shall no longer process the Personal Data unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defense of legal claims.

4.6. The right to lodge a complaint

the right to lodge a complaint with a data protection Authority in United Kingdom.

4.7. The right to data portability

the right to receive the Personal Data concerning the User, which was provided by the User for the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the Personal Data have been provided.

4.8. The user can exercise thier rights to access, correct, or delete of the data by submitting a written request to:  

– Email: info@mywarcraft.store

– Postal address: DRIFTBAY, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

4.9. The Controller shall provide information on action taken on a request to the User within one (1) month of receipt of the request. That period may be extended by two (2) further months where necessary, taking into account the complexity and number of the requests. The Controller shall inform the User of any such extension within one (1) month of receipt of the request, together with the reasons for the delay.

4.10. The consent the User gives us to the processing of the Personal Data is to be freely given. So each User has the right to withdraw his or her consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. We kindly ask you to note that after you withdraws your consent, you will not be able to use our services and the Website no more: it only happens because we need to collect your Personal Data to provide safe, quality and legally compliant services for you. If you do decide to withdraw your consent, please contact us at info@mywarcraft.store.

5. Data retention period

We retain personal information for as long as your account is active or as necessary for the duration of the purposes outlined in this Privacy Policy. Notwithstanding the duration of the purposes or the status of your account, we may retain your information longer, if necessary, to comply with our legal or professional obligations, enforce our agreements, or resolve disputes.

In particular, specific retention periods are:

• Account data: Retained for the duration of your account’s activity.
• Transaction data: Retained for 5-7 years to comply with legal and regulatory requirements.
• Technical data: Retained for 3 years. 
• Marketing data: Retained until you withdraw your consent.

6. Children’s privacy protection

We understand the importance of protecting children’s online privacy. Our Platform is considered to be general audience and is not designed for or intentionally targeted at children and people under the age of 18. If a child has provided us with Personal Data without parental or guardian consent, the parent or guardian should contact info@mywarcraft.store to remove the information.

7. Third-party websites

We are not responsible for the protection of the User’s privacy on websites of third parties, even if such websites are accessed by the User through links provided on this website. We recommend to review carefully privacy policies of each website different from https://mywarcraft.store/ .

8. Legal basis

8.1. We collect and process Personal Data in accordance with the Data Protection Act (2018), the General Data Protection Regulation (GDPR) and other legal acts. All employees, agents and employees of the agents of DRIFTBAY who know the secret of the Personal Data must keep it safe even after termination of the employment or contractual relationship.

8.2. For the purpose of the processing of the Personal Data, DRIFTBAY may engage data processors and/or, at its sole discretion, hire other individuals to perform certain functions on behalf of DRIFTBAY. In such cases, DRIFTBAY shall take necessary measures to ensure that such Personal Data is processed by the Personal Data processors in accordance with instructions of DRIFTBAY and applicable legislation. DRIFTBAY shall also require the Personal Data processors to implement appropriate measures for the security of Personal Data. In such cases, DRIFTBAY shall ensure that such engaged individuals will be subject to the non-disclosure obligation and will not be able to use this information for any other purpose, except to the extent necessary to perform the functions assigned to them.

8.3. Our legal basis to process your Personal Data depends on the Personal Data concerned and the specific context in which we collect it. We process your Personal Data for the following purposes:

9. What measures do we apply for the information security?

9.1. We have in place reasonable commercial standards of technology and operational security and appropriate legal measures to protect all personal information provided by Users from unauthorized access, disclosure, alteration, risks of loss, misuse or unlawful erasure, as well as from any other unauthorized form of processing.

We implement appropriate technical and organizational measures to ensure the security of your data, including:

• Encryption of sensitive data during transmission.
• Regular security assessments and updates.
• Restricted access to personal data for authorized personnel only.

Despite these measures, no system is entirely secure. 

9.2. For registered Users of the Platform the Personal Data provided is protected by a password. We recommend that you do not disclose your password to anyone. If you share a computer with others, you should not choose to save your log-in information (e.g., user ID and password) on that shared computer. Remember to sign out of your account and close your browser window when you have finished your session.

We kindly ask you to note that we cannot guarantee the privacy or security of your Personal Data once you provide it for any third party and we encourage you to evaluate the privacy policy before deciding to share your Personal Data.

10. Disclosure of information to third parties

10.1. We may disclose and transmit your Personal Data to our business partners, to hosting providers and SMS-providers engaged by us to assist us to provide Services for you or who otherwise process Personal Data for the purposes described in this Privacy Policy or notified to you when we collect your Personal Data. Your personal information may also be disclosed to employers of DRIFTBAY and legal consultants in order to respond to your requests or inquiries.

10.2. We do not have an access to the full financial information provided by you entering in transaction (please see the provisions 1.a.1 and 1.b.1 of this Privacy Policy). The financial institutions you have chosen for the payment of the services process and have an access to the full pack of your financial data you provided during the transaction.

10.3. Personal information may also be disclosed to law enforcement, regulatory or other government agencies, or to other third parties, in each case to comply with legal, regulatory, or national security obligations or requests.

All of these disclosures may involve the transfer of personal information to countries or regions without data protection rules similar to those in effect in your area of residence.

10.4. We might transfer your personal data to countries outside the European Economic Area (EEA). Some of these countries have been recognized by the European Commission as providing an adequate level of data protection. If personal data is transferred from European Union outside European Economic Area, we make sure that adequate level of personal data protection is assured. For transfers to other countries, we ensure your data is protected by using one of the following safeguards: 

• Standard Contractual Clauses (SCCs) approved by the European Commission; 

• Binding Corporate Rules (BCRs).

By providing information, you are consenting to the disclosures described above.

11. Data Breach Notification

We take the protection of your personal data seriously. In the event of a data breach that may compromise the confidentiality, integrity, or availability of your personal data, we will take the following steps in accordance with applicable laws and regulations, including the GDPR and the UK Data Protection Act. 

11.1. If a breach is likely to result in a risk to your rights and freedoms, we will notify the relevant data protection authority within 72 hours of becoming aware of the incident. The notification will include:

• The nature and scope of the breach,
• The categories and number of affected individuals and records,
• The likely consequences and our mitigation actions,
• Contact details for further information.

11.2. If the breach poses a high risk to your rights and freedoms, we will notify you without undue delay. The notification will include:

• Details of the breach,
• Potential consequences,
• Steps you can take to protect yourself,
• Measures we have implemented to mitigate the impact.

11.3. Individual notifications may not be required in cases when the breached data was encrypted or unintelligible; effective measures have reduced any risk to individuals or public communication is more appropriate due to disproportionate effort.

11.4. All breaches will be logged internally, detailing the nature of the breach, its effects, and actions taken. This ensures ongoing improvement in our data protection measures.

For questions or concerns, contact us at info@mywarcraft.store.

12. Lodging a complaint

If you believe that your rights regarding the processing of your personal data have been violated or if you have concerns about how we handle your personal data, you have the right to lodge a complaint with a data protection authority.

12.1. For users in the United Kingdom, you can contact the Information Commissioner’s Office (ICO) using the following details:

• https://ico.org.uk 
• Telephone: +44 303 123 1113
• Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

12.2. For users in the European Union, you can contact the data protection authority in your country of residence. A full list of EU data protection authorities is available here: https://edpb.europa.eu/about-edpb/board/members_en.

12.3. If you have any questions or wish to raise concerns directly with us, you can contact us at info@mywarcraft.store. We aim to address and resolve all complaints in a timely and satisfactory manner.

13. Changes to this Privacy Policy and future developments

13.1. We continually improve and update our Website to enhance your experience and the services we provide for you. As a result, our Privacy Policy continues to evolve. As soon as we implement new technology or provide new services, we will update our Privacy Policy accordingly. We encourage you to refer to this page on an ongoing basis for our most current Privacy Policy and practices.

13.2. If our information practices change at any time in the future, we will post the policy changes on this page including the effective date of the amended version of the Privacy Policy and such modified or amended Privacy Policy shall be effective as to you and your information as of that effective date. If we make any material changes we will announce it and notify you by means of a notice on this website.

13.3. If you wish to obtain a copy of previous versions of this Privacy Police, please contact us at info@mywarcraft.store 

14. Final provisions

14.1. We may process and retain your Personal Data on our servers in accordance with the current legislation of the United Kingdom.

14.2. These Privacy Policy provisions are subject to the law of United Kingdom. All the disputes regarding the provisions of this Privacy Policy shall be settled by negotiation and, in case of failure to resolve an issue by negotiation, the dispute shall be taken to courts of United Kingdom.

14.3. You can visit this website not providing any information about yourself, however, if you want to use the Services of the Platform, we will ask you to provide your Personal Data and to carry out established identification procedures. If you not register on the Platform, we do not collect your Personal Data, however, your Personal Data may be gathered by Google Analytics or any other similar instrument.

14.4. By visiting our Website and/or using the services of the Website, you acknowledge and confirm that you have read the Privacy Policy, understand it and agree with it. We kindly ask you to note that when visiting this website, you have a responsibility to make sure that you are familiar with the latest version of the Privacy Policy that applies to you at the time you are visiting the Website.

For questions or concerns about this Privacy Policy, please contact us at:

DRIFTBAY LIMITED
Address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

Email: info@mywarcraft.store