GDPR Compliance

Last Updated: April 2026

1. Our Commitment

GameForge is committed to protecting your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

2. Data Controller

GameForge acts as a data controller for customer account information and billing data. Contact us at [email protected] for data protection matters.

VAT Registration No. GB 444 8609 70

3. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract Performance: To provide hosting services
• Legal Obligation: Tax compliance, fraud prevention
• Legitimate Interests: Service improvement, security
• Consent: Marketing communications (where applicable)

4. Data Subject Rights

You have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent
• Lodge a complaint with supervisory authority

To exercise these rights, contact [email protected]

5. Data Security

We implement appropriate technical and organizational measures including:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security assessments
• Staff training on data protection
• Incident response procedures

6. Data Processing Agreements

For customers who process personal data on our servers, we offer Data Processing Agreements (DPA) upon request. Contact [email protected] for DPA arrangements.

7. International Transfers

Data may be processed in:

• United Kingdom (Adequate protection under UK GDPR)
• Canada (Adequacy decision by EU Commission)

All transfers comply with GDPR requirements and include appropriate safeguards.

8. Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy and to comply with legal obligations. Account data is deleted 30 days after service termination unless legal retention is required.

9. Breach Notification

In the event of a personal data breach, we will notify affected individuals and relevant supervisory authorities within 72 hours as required by GDPR.

10. Supervisory Authority

UK customers can lodge complaints with the Information Commissioner's Office (ICO). EU customers can contact their local supervisory authority.