Privacy Policy

1. Data Controller

• Controller: EmuDeck SL
• Tax ID (CIF): B70692900
• Address: 28820 Madrid, Spain
• Email: info@emudeck.com

2. Data We Collect

Depending on your interaction with the platform, we may collect the following personal data:

• Users (buyers): email, password (encrypted), country, newsletter preference.
• Developers: name, email, password (encrypted), country, PayPal account, VAT number (if applicable), portfolio.
• Contact form: name, email, subject, and message.
• Purchase data: transaction ID, game purchased, amount.

3. Purpose of Processing

• Managing user and developer registration and authentication.
• Processing purchases and providing access to downloads.
• Managing payments to developers.
• Sending marketing communications about promotions and new games (only with the user's explicit consent).
• Responding to inquiries submitted through the contact form.
• Complying with legal and tax obligations.

4. Legal Basis for Processing

• Performance of a contract (Art. 6.1.b GDPR): to manage your account and process purchases.
• Consent (Art. 6.1.a GDPR): for sending marketing communications.
• Legitimate interest (Art. 6.1.f GDPR): to prevent fraud and ensure security.
• Legal obligation (Art. 6.1.c GDPR): to comply with tax and fiscal regulations.

5. Sharing Data with Third Parties

We do not sell or share your personal data with third parties for commercial purposes.

Your data may only be disclosed to:

• PayPal / Stripe: to securely process payments. These providers act as independent data controllers for payment data.
• Backblaze: for game file storage (no personal data).
• Competent authorities: when required by law.

6. International Transfers

Some of our service providers (PayPal, Stripe, Backblaze) may be located outside the European Economic Area. In such cases, transfers are made under appropriate safeguards, including Standard Contractual Clauses approved by the European Commission or adequacy decisions.

7. Data Retention

• Account data: while the account is active and for the legally required period thereafter.
• Transaction data: for the period required by tax regulations (minimum 5 years).
• Marketing communications: until the user withdraws consent.
• Contact form: for the time necessary to resolve the inquiry.

8. Your Rights

Under the GDPR, you have the right to:

• Access: know what personal data we process about you.
• Rectification: correct inaccurate or incomplete data.
• Erasure: request deletion of your data when it is no longer necessary.
• Restriction: request restriction of processing under certain circumstances.
• Portability: receive your data in a structured, commonly used format.
• Objection: object to the processing of your data under certain circumstances.
• Withdraw consent: at any time, without affecting the lawfulness of prior processing.

To exercise these rights, send an email to info@emudeck.com stating your request along with a document proving your identity.

If you believe your rights have not been properly addressed, you may file a complaint with the Spanish Data Protection Agency (AEPD).

9. Security

EmuDeck SL implements the necessary technical and organizational measures to ensure the security of personal data, including:

• Password encryption using bcrypt.
• Encrypted communications via HTTPS/TLS.
• Cryptographically generated authentication tokens.
• Rate limiting on API endpoints.
• CSRF protection on forms.