Browse Collection
Browse Collection
The controller responsible for your personal data is:
Company: [COMPANY LEGAL NAME]
Registered office: [REGISTERED ADDRESS]
Company / register number: [REGISTRATION NUMBER]
Email: [PRIVACY CONTACT EMAIL]
Data Protection Officer (if appointed): [DPO NAME / CONTACT] (delete if not applicable)
If you have any questions about this Policy or how we handle your data, contact us using the details above.
We collect and process the following categories of data:
Account data: name, username, email address, password (stored in encrypted form).
Order and transaction data: products purchased, order history, licence keys issued, billing country, and amounts paid.
Payment data: payment is processed by our third-party payment providers. We receive confirmation of payment and limited details (such as the last digits and card type); we do not store full card numbers.
Technical and usage data: IP address, device and browser type, operating system, referral source, pages viewed, and download activity.
Communications data: messages you send us via email, support requests, and survey or marketing responses.
Marketing preferences: your consent choices for newsletters and promotional communications.
We do not intentionally collect special categories of personal data (e.g. health, religion, biometric data).
We rely on the following lawful bases under Article 6 GDPR:
Purpose
Lawful Basis
Creating and managing your account
Lawful Basis
Processing orders and delivering digital products
Performance of a contract (Art. 6(1)(b))
Processing payments and preventing fraud
Contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))
Providing customer support
Contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))
Complying with tax, accounting, and legal obligations
Legal obligation (Art. 6(1)(c))
Sending marketing communications
Consent (Art. 6(1)(a))
Improving and securing the Website
Legitimate interests (Art. 6(1)(f))
Using non-essential cookies/analytics
Consent (Art. 6(1)(a))
Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. You may object at any time (see Section 8).
4.1 The Website is a general-audience service. We do not knowingly direct our services at children or knowingly collect data from children below the age of digital consent (which is between 13 and 16 depending on the EU/EEA country; in [COUNTRY] the age is [INSERT AGE]) without verifiable parental consent.
4.2 Where consent is the lawful basis and the user is below the applicable age of digital consent, we will seek consent from, or verify that consent is given or authorised by, the holder of parental responsibility, in accordance with Article 8 GDPR.
4.3 If you believe a child has provided us with personal data without appropriate consent, contact us at [PRIVACY CONTACT EMAIL] and we will take steps to delete it.
5.1 We use cookies and similar technologies to operate the Website, remember your preferences, and—subject to your consent—to analyse usage and deliver marketing.
5.2 Strictly necessary cookies do not require consent. Non-essential cookies (analytics, advertising) are set only with your consent, obtained via our cookie banner, in line with the ePrivacy rules and GDPR.
5.3 You can manage or withdraw your cookie consent at any time via [COOKIE SETTINGS LINK]. For full details see our Cookie Policy [LINK].
We share personal data only as necessary, with:
Payment service providers to process transactions.
Hosting, infrastructure, and IT service providers that operate the Website and store data on our behalf.
Game/software publishers and licensors where required to deliver or support a Product or licence.
Analytics and marketing providers, where you have consented.
Professional advisers, auditors, and authorities where required to comply with law or to establish, exercise, or defend legal claims.
All processors act under written data processing agreements requiring them to protect your data and process it only on our instructions. We do not sell your personal data.
Where we transfer personal data outside the European Economic Area (EEA), we ensure an adequate level of protection through one of the GDPR safeguards: an adequacy decision of the European Commission, Standard Contractual Clauses, or another lawful transfer mechanism. You may request a copy of the relevant safeguards by contacting [PRIVACY CONTACT EMAIL].
Under the GDPR you have the right to:
Access – obtain confirmation of, and a copy of, the personal data we hold about you.
Rectification – have inaccurate or incomplete data corrected.
Erasure – have your data deleted (“right to be forgotten”) where applicable.
Restriction – restrict processing in certain circumstances.
Data portability – receive data you provided in a structured, commonly used, machine-readable format, and have it transmitted to another controller where technically feasible.
Object – object to processing based on legitimate interests, and to direct marketing at any time.
Withdraw consent – withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
Not be subject to a decision based solely on automated processing producing legal or similarly significant effects (we do not carry out such processing).
To exercise any right, contact [PRIVACY CONTACT EMAIL]. We will respond within one month, which may be extended by two further months for complex requests. Exercising your rights is free of charge unless requests are manifestly unfounded or excessive.
If you believe we have processed your data unlawfully, you have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA country of your residence or workplace. Our lead supervisory authority is [SUPERVISORY AUTHORITY NAME / COUNTRY] — [AUTHORITY WEBSITE]. We would, however, appreciate the chance to address your concerns first.
We retain personal data only as long as necessary for the purposes set out in this Policy:
Account data: for as long as your account is active, then deleted or anonymised within [INSERT PERIOD] of closure.
Order, invoice, and tax records: retained for the period required by applicable tax and accounting law (typically [INSERT PERIOD, e.g. 6–10 years]).
Marketing data: until you withdraw consent or object.
Technical logs: [INSERT PERIOD].
When data is no longer needed, we securely delete or anonymise it.
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and secure storage. In the event of a personal data breach likely to result in a risk to your rights, we will notify the competent supervisory authority and, where required, affected individuals, in line with Articles 33–34 GDPR.
We may update this Policy from time to time. The “Last updated” date shows when it was last revised. Material changes will be notified to you by email or a prominent notice on the Website.
For any privacy questions or to exercise your rights:
Email: [PRIVACY CONTACT EMAIL]
Post: [COMPANY LEGAL NAME], [REGISTERED ADDRESS]
Last updated: 30 June 2026
This Privacy Policy explains how [COMPANY LEGAL NAME] (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit questcart.online (the “Website”) and purchase our digital games and software products.
We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR“) and applicable national data protection laws.
The controller responsible for your personal data is:
Company: [COMPANY LEGAL NAME]
Registered office: [REGISTERED ADDRESS]
Company / register number: [REGISTRATION NUMBER]
Email: [PRIVACY CONTACT EMAIL]
Data Protection Officer (if appointed): [DPO NAME / CONTACT] (delete if not applicable)
If you have any questions about this Policy or how we handle your data, contact us using the details above.
We collect and process the following categories of data:
Account data: name, username, email address, password (stored in encrypted form).
Order and transaction data: products purchased, order history, licence keys issued, billing country, and amounts paid.
Payment data: payment is processed by our third-party payment providers. We receive confirmation of payment and limited details (such as the last digits and card type); we do not store full card numbers.
Technical and usage data: IP address, device and browser type, operating system, referral source, pages viewed, and download activity.
Communications data: messages you send us via email, support requests, and survey or marketing responses.
Marketing preferences: your consent choices for newsletters and promotional communications.
We do not intentionally collect special categories of personal data (e.g. health, religion, biometric data).
We rely on the following lawful bases under Article 6 GDPR:
Purpose
Lawful Basis
Creating and managing your account
Lawful Basis
Processing orders and delivering digital products
Performance of a contract (Art. 6(1)(b))
Processing payments and preventing fraud
Contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))
Providing customer support
Contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))
Complying with tax, accounting, and legal obligations
Legal obligation (Art. 6(1)(c))
Sending marketing communications
Consent (Art. 6(1)(a))
Improving and securing the Website
Legitimate interests (Art. 6(1)(f))
Using non-essential cookies/analytics
Consent (Art. 6(1)(a))
Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. You may object at any time (see Section 8).
4.1 The Website is a general-audience service. We do not knowingly direct our services at children or knowingly collect data from children below the age of digital consent (which is between 13 and 16 depending on the EU/EEA country; in [COUNTRY] the age is [INSERT AGE]) without verifiable parental consent.
4.2 Where consent is the lawful basis and the user is below the applicable age of digital consent, we will seek consent from, or verify that consent is given or authorised by, the holder of parental responsibility, in accordance with Article 8 GDPR.
4.3 If you believe a child has provided us with personal data without appropriate consent, contact us at [PRIVACY CONTACT EMAIL] and we will take steps to delete it.
5.1 We use cookies and similar technologies to operate the Website, remember your preferences, and—subject to your consent—to analyse usage and deliver marketing.
5.2 Strictly necessary cookies do not require consent. Non-essential cookies (analytics, advertising) are set only with your consent, obtained via our cookie banner, in line with the ePrivacy rules and GDPR.
5.3 You can manage or withdraw your cookie consent at any time via [COOKIE SETTINGS LINK]. For full details see our Cookie Policy [LINK].
We share personal data only as necessary, with:
Payment service providers to process transactions.
Hosting, infrastructure, and IT service providers that operate the Website and store data on our behalf.
Game/software publishers and licensors where required to deliver or support a Product or licence.
Analytics and marketing providers, where you have consented.
Professional advisers, auditors, and authorities where required to comply with law or to establish, exercise, or defend legal claims.
All processors act under written data processing agreements requiring them to protect your data and process it only on our instructions. We do not sell your personal data.
Where we transfer personal data outside the European Economic Area (EEA), we ensure an adequate level of protection through one of the GDPR safeguards: an adequacy decision of the European Commission, Standard Contractual Clauses, or another lawful transfer mechanism. You may request a copy of the relevant safeguards by contacting [PRIVACY CONTACT EMAIL].
Under the GDPR you have the right to:
Access – obtain confirmation of, and a copy of, the personal data we hold about you.
Rectification – have inaccurate or incomplete data corrected.
Erasure – have your data deleted (“right to be forgotten”) where applicable.
Restriction – restrict processing in certain circumstances.
Data portability – receive data you provided in a structured, commonly used, machine-readable format, and have it transmitted to another controller where technically feasible.
Object – object to processing based on legitimate interests, and to direct marketing at any time.
Withdraw consent – withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
Not be subject to a decision based solely on automated processing producing legal or similarly significant effects (we do not carry out such processing).
To exercise any right, contact [PRIVACY CONTACT EMAIL]. We will respond within one month, which may be extended by two further months for complex requests. Exercising your rights is free of charge unless requests are manifestly unfounded or excessive.
If you believe we have processed your data unlawfully, you have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA country of your residence or workplace. Our lead supervisory authority is [SUPERVISORY AUTHORITY NAME / COUNTRY] — [AUTHORITY WEBSITE]. We would, however, appreciate the chance to address your concerns first.
We retain personal data only as long as necessary for the purposes set out in this Policy:
Account data: for as long as your account is active, then deleted or anonymised within [INSERT PERIOD] of closure.
Order, invoice, and tax records: retained for the period required by applicable tax and accounting law (typically [INSERT PERIOD, e.g. 6–10 years]).
Marketing data: until you withdraw consent or object.
Technical logs: [INSERT PERIOD].
When data is no longer needed, we securely delete or anonymise it.
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and secure storage. In the event of a personal data breach likely to result in a risk to your rights, we will notify the competent supervisory authority and, where required, affected individuals, in line with Articles 33–34 GDPR.
We may update this Policy from time to time. The “Last updated” date shows when it was last revised. Material changes will be notified to you by email or a prominent notice on the Website.
For any privacy questions or to exercise your rights:
Email: [PRIVACY CONTACT EMAIL]
Post: [COMPANY LEGAL NAME], [REGISTERED ADDRESS]
Last updated: 30 June 2026
This Privacy Policy explains how [COMPANY LEGAL NAME] (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit questcart.online (the “Website”) and purchase our digital games and software products.
We process personal data in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR“) and applicable national data protection laws.
The controller responsible for your personal data is:
Company: [COMPANY LEGAL NAME]
Registered office: [REGISTERED ADDRESS]
Company / register number: [REGISTRATION NUMBER]
Email: [PRIVACY CONTACT EMAIL]
Data Protection Officer (if appointed): [DPO NAME / CONTACT] (delete if not applicable)
If you have any questions about this Policy or how we handle your data, contact us using the details above.
We collect and process the following categories of data:
Account data: name, username, email address, password (stored in encrypted form).
Order and transaction data: products purchased, order history, licence keys issued, billing country, and amounts paid.
Payment data: payment is processed by our third-party payment providers. We receive confirmation of payment and limited details (such as the last digits and card type); we do not store full card numbers.
Technical and usage data: IP address, device and browser type, operating system, referral source, pages viewed, and download activity.
Communications data: messages you send us via email, support requests, and survey or marketing responses.
Marketing preferences: your consent choices for newsletters and promotional communications.
We do not intentionally collect special categories of personal data (e.g. health, religion, biometric data).
We rely on the following lawful bases under Article 6 GDPR:
Purpose
Lawful Basis
Creating and managing your account
Lawful Basis
Processing orders and delivering digital products
Performance of a contract (Art. 6(1)(b))
Processing payments and preventing fraud
Contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))
Providing customer support
Contract (Art. 6(1)(b)) and legitimate interests (Art. 6(1)(f))
Complying with tax, accounting, and legal obligations
Legal obligation (Art. 6(1)(c))
Sending marketing communications
Consent (Art. 6(1)(a))
Improving and securing the Website
Legitimate interests (Art. 6(1)(f))
Using non-essential cookies/analytics
Consent (Art. 6(1)(a))
Where we rely on legitimate interests, we have assessed that those interests are not overridden by your rights and freedoms. You may object at any time (see Section 8).
4.1 The Website is a general-audience service. We do not knowingly direct our services at children or knowingly collect data from children below the age of digital consent (which is between 13 and 16 depending on the EU/EEA country; in [COUNTRY] the age is [INSERT AGE]) without verifiable parental consent.
4.2 Where consent is the lawful basis and the user is below the applicable age of digital consent, we will seek consent from, or verify that consent is given or authorised by, the holder of parental responsibility, in accordance with Article 8 GDPR.
4.3 If you believe a child has provided us with personal data without appropriate consent, contact us at [PRIVACY CONTACT EMAIL] and we will take steps to delete it.
5.1 We use cookies and similar technologies to operate the Website, remember your preferences, and—subject to your consent—to analyse usage and deliver marketing.
5.2 Strictly necessary cookies do not require consent. Non-essential cookies (analytics, advertising) are set only with your consent, obtained via our cookie banner, in line with the ePrivacy rules and GDPR.
5.3 You can manage or withdraw your cookie consent at any time via [COOKIE SETTINGS LINK]. For full details see our Cookie Policy [LINK].
We share personal data only as necessary, with:
Payment service providers to process transactions.
Hosting, infrastructure, and IT service providers that operate the Website and store data on our behalf.
Game/software publishers and licensors where required to deliver or support a Product or licence.
Analytics and marketing providers, where you have consented.
Professional advisers, auditors, and authorities where required to comply with law or to establish, exercise, or defend legal claims.
All processors act under written data processing agreements requiring them to protect your data and process it only on our instructions. We do not sell your personal data.
Where we transfer personal data outside the European Economic Area (EEA), we ensure an adequate level of protection through one of the GDPR safeguards: an adequacy decision of the European Commission, Standard Contractual Clauses, or another lawful transfer mechanism. You may request a copy of the relevant safeguards by contacting [PRIVACY CONTACT EMAIL].
Under the GDPR you have the right to:
Access – obtain confirmation of, and a copy of, the personal data we hold about you.
Rectification – have inaccurate or incomplete data corrected.
Erasure – have your data deleted (“right to be forgotten”) where applicable.
Restriction – restrict processing in certain circumstances.
Data portability – receive data you provided in a structured, commonly used, machine-readable format, and have it transmitted to another controller where technically feasible.
Object – object to processing based on legitimate interests, and to direct marketing at any time.
Withdraw consent – withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
Not be subject to a decision based solely on automated processing producing legal or similarly significant effects (we do not carry out such processing).
To exercise any right, contact [PRIVACY CONTACT EMAIL]. We will respond within one month, which may be extended by two further months for complex requests. Exercising your rights is free of charge unless requests are manifestly unfounded or excessive.
If you believe we have processed your data unlawfully, you have the right to lodge a complaint with a supervisory authority, in particular in the EU/EEA country of your residence or workplace. Our lead supervisory authority is [SUPERVISORY AUTHORITY NAME / COUNTRY] — [AUTHORITY WEBSITE]. We would, however, appreciate the chance to address your concerns first.
We retain personal data only as long as necessary for the purposes set out in this Policy:
Account data: for as long as your account is active, then deleted or anonymised within [INSERT PERIOD] of closure.
Order, invoice, and tax records: retained for the period required by applicable tax and accounting law (typically [INSERT PERIOD, e.g. 6–10 years]).
Marketing data: until you withdraw consent or object.
Technical logs: [INSERT PERIOD].
When data is no longer needed, we securely delete or anonymise it.
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and secure storage. In the event of a personal data breach likely to result in a risk to your rights, we will notify the competent supervisory authority and, where required, affected individuals, in line with Articles 33–34 GDPR.
We may update this Policy from time to time. The “Last updated” date shows when it was last revised. Material changes will be notified to you by email or a prominent notice on the Website.
For any privacy questions or to exercise your rights:
Email: [PRIVACY CONTACT EMAIL]
Post: [COMPANY LEGAL NAME], [REGISTERED ADDRESS]