Driffle logo

Privacy Policy

We give a lot of importance to the protection of your data. We have established safety and confidential rules to ensure the best possible protection of your data. We do, however, need to collect certain information when you order. Please know that personal data is not collected without your prior consent.

 

1. About Us


This website is operated by UAB Driffle, with its registered office at Vilnius, Naugarduko g. 3-401, 03231, Lithuania ("Driffle," "we," "us," "our").


The website driffle.com ("website") lists various digital Content, e.g., downloadable game titles and other downloadable Content ("Content"). We sell on the website official keys issued by the publisher and/or the Developer of relevant Content ("Developer"), which allow the user to unlock, access, and download the relevant Content from the Developer's platform ("Code(s)"). We are not the Developer of the Content, and we do not own or operate the Developer's platform.

 

2. Who Does This Privacy Notice Apply To?


This privacy notice applies to individuals who access, browse, and use our website. Its aim is to give you information on how we collect and process your personal data through your use of the website. We collect personal data when you access our website, register with us, contact us, send us feedback and product reviews, purchase Codes and other products via our website, post material to our website, request marketing updates, and take part in promotions, surveys, affiliation or partnership programs via our website.


It is important that you read this privacy notice together with any other privacy notice or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are aware of how and why we are using your personal data.

 

3. Third-Party Links


The website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices. When you leave our website, we encourage you to read the privacy notices of every website you visit. Please see our cookies policy for details of cookies and similar technologies served by third parties and how to control these.

For partners that wish to collaborate with us, we may use YouTube API Services to access and collect the number of subscribers you currently have on your YouTube channel. We will store that data for a period of 14 days. That information will not be shared with any external parties and will be used only internally by our marketing team.


You can access Google Privacy Policy at http://www.google.com/policies/privacy

 

4. Types of Personal Data We Process


"Personal data" means information about an individual from which that person can be identified. It does not include data where an individual's identity has been removed (anonymous data).


Throughout this privacy notice, we use the term "processing" to refer to all activities involving your personal data, including collecting, handling, storing, sharing, accessing, using, transferring, erasing, and disposing of it.


The personal data we collect about you depends on the particular activities carried out through our website. For example, we collect different types of personal data depending on whether you create a user account, purchase Codes, or only browse the website. Typically, we collect and process the following kinds of personal data:

 

4.1. Identity and Contact Data includes your name, postal address, email address, date of birth, and any personal data provided when contacting us;


4.2. Financial Data includes information necessary for processing payments and fraud prevention. If you pay us by payment card, this will include payment card numbers, cardholder name(s), security code numbers, and expiry dates. For all payment types, we will process payment details received from your payment card issuer or the provider of your chosen method of payment;


4.3. Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us;


4.4. Technical Data may include internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website;


4.5. Usage Data includes information about how you use the website, such as the services you view or search for, page response times, download errors, length of visits, and page interaction information (such as scrolling, clicks, and mouse-overs); and


4.6. Marketing and Communications Data includes your preferences in receiving marketing communications from us and your communication preferences.

 

We also collect, use, and share aggregated data, such as statistical or demographic data, for various purposes. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data, which will be used in accordance with this privacy notice.


We do not collect any special categories of personal data about you (this is personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data; biometric data for the purpose of uniquely identifying an individual or data concerning health or sexual orientation). Nor do we collect any information about criminal convictions and offenses. Please do not provide on the website or in any communications with us any special categories of personal data and/or personal data relating to criminal convictions and offenses relating to you or any personal data concerning any other person.


Where we need to collect personal data by law or under the terms of a contract we have with you (e.g., under our Terms and Conditions, and you do not provide that personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you. We will inform you at the time of collecting personal data from you whether you must provide the personal data to use the website or any of our services and whether the provision of personal data requested by us is optional.

 

5. How Your Personal Data is Received


We may receive your personal data through various means including:

 

5.1. Direct interactions: You may give us your Identity and Contact Data, Profile Data, Financial Data, and Transaction Data by creating and managing your user account, purchasing Codes, selecting preferences, providing product reviews, filling in website forms, sharing product details or by corresponding with us by post, phone, email, SMS, social media or otherwise. This includes personal data you provide when you enter a competition, promotion, or survey, give us feedback, or contact us.


5.2. Automated technologies or interactions: As you interact with our website, we collect Technical Data and Usage Data, including details of your device, browsing actions and patterns, searches, sections viewed, traffic data, weblogs, and other communication data, and the resources that you access. We collect this personal data by using cookies, tracking codes, server logs, and other similar technologies. We may also receive Technical Data if you visit other websites using our cookies.


5.3. Third-party sources: We may also receive personal data about you from third parties, as set out below:


5.3.1. Transaction Data from Developers confirms the redemption of codes you purchased from us.

5.3.2. Technical Data from our analytics provider, Google Analytics.

5.3.3. Identity and Contact Data, Financial Data, and Transaction Data from providers of payment services such as Stripe, Cashfree, and Nuvei.

5.3.4. Identity and Contact Data, Profile Data, Financial Data, and Transaction Data from Bluecut Limited & UAB Driffle, which are our UK & EU subsidiary companies, respectively, that provide various services in conjunction with the purchase and redemption of Codes, including the processing of payments depending on the method of payment selected when purchasing Codes, customer services and technical support.

5.3.5. Identity and Contact Data from publicly available sources such as a registrar of companies.

5.3.6. Identity and Contact Data (your email address and name) when you log in using the services of either Facebook or Google.

 

6. How We Use Your Personal Data


We do not rely on consent as legal grounds for processing your personal data, although we will request your consent before sending direct marketing communications to you via email, text message, or other electronic means.


Marketing: We would like to send you information about our services, upcoming game releases, preorders, and offers that may be of interest to you. Where we have your consent, or it is in our legitimate interests to do so, we may do this by email.


If you have previously agreed to be contacted in this way, you can unsubscribe at any time by using the 'unsubscribe' link in emails or by contacting us using the information set out in section 13 below. You can also manage the personal data associated with your user account via the settings page.


If you agree, as part of our cookies framework, we will use certain technologies that allow us to see whether news updates and other communications we send to you have been viewed and read. As explained in section 6 above, we use this information for our legitimate interests to develop our products and services, direct market, and grow our business.


7. Disclosure of Your Personal Data


Except as set out in this privacy notice, we do not disclose to any third-party personal data that we collect from you or that you provide to us. We may have to share personal data with the parties set out below for the purposes set out in section 6 above.

 

7.1. Internal third parties: Companies within our group of companies (i.e., a parent company, a subsidiary company, and/or a parent of another subsidiary company) to assist us in providing our services. For example, our UK-established subsidiary, Bluecut Limited, assists us with the processing of your payments (depending on your chosen method of payment for Codes), customer services, technical support, managing cancellation rights, and, where applicable, issuing refunds or other payments.


7.2. External third parties: Companies that provide products and services to us, such as professional advisors, IT systems suppliers and support, data storage, IT developers, analytics companies, website hosting providers, and other service providers.


7.3. Public and government authorities: Entities that regulate or have jurisdiction over us. We will disclose personal data in order to comply with any legal obligation if we are ordered to do so by a court of competent jurisdiction, law enforcement, regulatory or administrative authorities or in order to enforce a contract with you or to protect our rights, property or safety and/or that of our staff, website users and others.


7.4. Corporate activity: Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.


We require all third parties who we disclose personal data that we collect under this privacy notice to respect the security of personal data and to treat it in accordance with the law. We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. Unless prevented by applicable law, we will notify you when your personal data may be provided to third parties in ways other than explained above, and you may have the option to prevent this sharing at the time that we notify you.

 

8. International Transfers


Your personal data will be received and processed by us in the United Kingdom. It may be necessary for us to disclose some of your personal data to our trusted suppliers, who provide us with products and services that assist us in providing our services to you. Our trusted suppliers are located inside the European Economic Area. We will ensure that any international transfers of your personal data are in accordance with applicable laws.


9. Updating your Personal Data


It is important that the personal data we hold about you is accurate and current. Please keep us informed, using your user account settings page, if any of your personal data changes during your relationship with us. You can also contact us using the information provided in section 13 below to update your personal data.


10. Data Security


We have security measures in place to prevent personal data from being accidentally lost, used, or accessed in an unauthorized way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal data will do so only in an authorized manner and are subject to obligations of confidentiality. You recognize that no entity can keep personal data fully secure. If you have reason to believe that any of your personal data is no longer secure, please notify us immediately by contacting us using the information provided in section 13 below.


11. Data Retention


We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of a legal dispute in respect of our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.


12. Your Legal Rights


Under certain circumstances, by law, you may have the right to:

 

12.1. Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.


12.2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected.


12.3. Request the erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below), where we may have processed your personal data unlawfully, or where we are required to erase your personal data to comply with local law. We may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.


12.4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party), and there is something about your particular situation that makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling, legitimate grounds to process your personal data, which overrides your rights and freedoms.


12.5. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.


12.6. Request the transfer of your personal data to you or to a third party. This enables you to ask us to provide your personal data to you or a third party you have chosen in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you initially provided consent for us to use or where we used the personal data to perform a contract with you.


12.7. Right to withdraw consent: If you provide your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you wish to withdraw your consent, we will take steps to ensure we no longer process your personal data for the purpose(s) you originally agreed to unless we have another legitimate basis for doing so in law. Withdrawal of consent will not affect the lawfulness of processing based on consent before withdrawal.


In order to exercise one or more of your rights in respect of your personal data, please contact us in writing using the information provided in section 13 below. We will need you to provide us with information to identify you on our records; we will also need proof of your identity and address and the information to which your request relates.

Please note that the settings page of your user account enables you to update, manage, and download certain of your personal data to disable your user account and delete [all] personal data associated with your user account.

You have the right to make a complaint to the data protection supervisory authority. However, we would appreciate the chance to deal with your concerns before you contact the supervisory authority. Therefore, we ask you to please contact us in the first instance using the information provided in section 13 below.

 

13. Contact Us


If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us through the support and contact us links on the website. You can reach us by mail at UAB Driffle, Vilnius, Naugarduko g. 3-401, LT-03231 by email to [email protected]

 

14. Changes to This Privacy Notice


We will change this privacy notice from time to time, and any changes will be contained in a revised privacy notice posted on the website. This version of the privacy notice was last updated on 16 January 2024.