GDPR Compliance
General Data Protection Regulation
Our Commitment to GDPR
Funstack is committed to protecting the personal data of users in the European Economic Area (EEA) and complying with the General Data Protection Regulation (GDPR). This page explains your rights and how we handle your data.
Your Rights Under GDPR
As a data subject in the EEA, you have the following rights:
Right to Access
Request a copy of all personal data we hold about you
Right to Rectification
Request correction of inaccurate or incomplete data
Right to Erasure
Request deletion of your personal data ("right to be forgotten")
Right to Restrict Processing
Request limitation of how we process your data
Right to Data Portability
Receive your data in a structured, machine-readable format
Right to Object
Object to processing based on legitimate interests or marketing
Rights Related to Automated Decision-Making
Not be subject to solely automated decisions with legal effects
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract: Processing necessary to provide our services
- Consent: Where you have given explicit consent (e.g., marketing)
- Legitimate Interests: For fraud prevention, security, and service improvement
- Legal Obligation: Where required by law
Data We Collect
We collect and process the following categories of personal data:
| Category | Examples | Purpose |
|---|---|---|
| Identifiers | Wallet address, player ID | Account management |
| Usage Data | Game activity, XP transactions | Service provision |
| Device Data | IP address, device type | Security, fraud prevention |
| Contact Data | Email (if provided) | Communications |
International Data Transfers
Your data may be transferred to and processed in countries outside the EEA. When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules for intra-group transfers
Data Retention
We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy, or as required by law. When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required for legal compliance or legitimate business purposes.
Blockchain Data
Please note that XP tokens and NFTs are recorded on a public blockchain. Blockchain data is immutable and cannot be deleted due to the technical nature of blockchain technology. Your wallet address and on-chain transactions are publicly visible but are pseudonymous unless you choose to link them to your identity.
Exercising Your Rights
To exercise any of your GDPR rights, you can:
- Use the privacy settings in your account dashboard
- Contact our Data Protection Officer at the email below
- Submit a request through our support portal
We will respond to your request within 30 days. We may ask for identity verification to ensure we are responding to the correct person.
Supervisory Authority
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with your local supervisory authority. A list of EEA supervisory authorities is available on the European Data Protection Board website.
Contact Our DPO
For GDPR-related inquiries or to exercise your rights:
Data Protection Officer, Funstack