Last updated: June 27, 2026
This privacy policy describes how GAME PARK collects, uses and protects the personal data of users of its website and gaming services. It is established in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the French Data Protection Act (Law No. 78-17 of 6 January 1978, as amended).
It supplements the General Terms of Service and the Legal Notice of the website. We encourage you to read it carefully in order to understand what data we process, why, for how long, and what your rights are.
The controller of the personal data collected on this website is:
GAME PARK, a simplified joint-stock company with a share capital of €200,000.
Registered with the Nantes Trade and Companies Register under number 893 659 300.
Registered office: 43 rue des Camélias, 44470 Thouaré-sur-Loire, France.
Legal representative: Romain Fromi, President.
Contact for exercising your rights and for any question relating to your data: contact@game-park.com — +33 7 49 88 36 03.
No Data Protection Officer (DPO) has been appointed, as such an appointment is not mandatory at this stage.
Host: Clever Cloud SAS, 3 rue de l'Allier, 44000 Nantes, France.
We process your personal data for the following purposes, on the legal bases and for the retention periods indicated:
| Processing | Purpose | Legal basis | Data | Retention period |
|---|---|---|---|---|
| Player accounts | Registration, authentication, profile management | Performance of the contract (General Terms of Service) | Login credentials, email, username, password (hashed), preferences | For the lifetime of the account; deletion after 3 years of inactivity |
| Gaming service, statistics, rankings | Provide the service, calculate scores and rankings | Performance of the contract | Game data, decisions, scores | For the lifetime of the account; aggregated or anonymised thereafter |
| Subscriptions and payments | Manage premium subscriptions and payments | Performance of the contract; legal obligation (accounting) | Name, email, billing data, subscription history | Billing data: 10 years |
| Customer relations and support | Respond to user requests | Legitimate interest | Email, username, content of exchanges | 3 years after the last contact |
| Communication and community engagement | Newsletters, events, community engagement | Consent (newsletter) or legitimate interest | Email, username, preferences | 3 years after the last contact; until consent is withdrawn |
| Audience measurement, monitoring, cookies | Statistics, technical security, logs | Legitimate interest; consent (non-essential cookies) | IP address, technical identifiers, logs, cookies | Logs: 6 to 13 months; cookies: 13 months maximum |
| Partners (publishers, developers) | Manage partnerships and pay out royalties | Performance of the contract; legal obligation | Identity, contact details, bank details (IBAN), amounts | Duration of the relationship + 10 years |
| Accounting and legal obligations | Keep accounts, comply with tax obligations | Legal obligation | Billing and accounting data | 10 years |
To provide its services, GAME PARK uses providers acting as processors within the meaning of Article 28 of the GDPR. Each is governed by a data processing agreement (DPA). Your data is never sold to third parties.
| Processor | Role | Location | Transfer outside the EU |
|---|---|---|---|
| Clever Cloud | Hosting and managed MongoDB database | France | No |
| Stripe | Payment provider | USA / EU | Yes — Standard Contractual Clauses (SCCs) and Data Privacy Framework |
| Mailjet (Sinch) | Sending emails and newsletters | France / EU | No (EU); SCCs for any sub-processors |
| Pusher (Bird) | Real-time notifications | United Kingdom | Country recognised as adequate (SCCs/DPF in addition) |
| Datadog | Logs and technical monitoring | USA | Yes — Standard Contractual Clauses (SCCs) |
| Infomaniak | Professional email, storage (kDrive), video conferencing | Switzerland | Country recognised as adequate |
Some of our processors may process data outside the European Union. Transfers to the United States (Stripe, Datadog) are governed by the European Commission's Standard Contractual Clauses (SCCs) and, where applicable, by the Data Privacy Framework. Switzerland (Infomaniak) and the United Kingdom (Pusher) benefit from an adequacy decision of the European Commission.
The website allows you to log in via four identity providers: Google, Facebook, Discord and Twitch. When you use this option, the provider concerned acts as a separate data controller, and not as a processor of GAME PARK. The processing of data it carries out is governed by its own privacy policy, which we encourage you to consult. GAME PARK only receives from these providers the data strictly necessary for the creation and authentication of your account (for example your email address and your public identifier).
Our website uses cookies and tracking technologies. Cookies strictly necessary for the operation of the website (authentication, security, preferences) do not require your consent. Non-essential cookies (in particular audience measurement) are only placed after your prior consent has been obtained, via a banner displayed during your visit. You may withdraw your consent or change your choices at any time. The lifespan of cookies does not exceed 13 months.
In accordance with the GDPR and the French Data Protection Act, you have the following rights over your personal data:
To exercise these rights, send your request by email to contact@game-park.com, providing proof of your identity.
We undertake to respond within one month of receiving your request, a period that may be extended by two months for complex requests.
If, after contacting us, you believe that your rights are not being respected, you may lodge a complaint with the CNIL (www.cnil.fr — 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07).
We implement appropriate technical and organisational measures to protect your data: passwords stored in hashed form, encryption of communications via HTTPS, restricted access to data, hosting in France (Clever Cloud), access logging and regular backups. Despite these measures, no transmission of data over the Internet can be guaranteed to be completely secure.
We may amend this privacy policy to reflect changes in our services or in regulations. Any significant change will be brought to your attention by appropriate means. The date of the last update appears at the top of this page.