OVERGEAR PRIVACY POLICY
Last Updated: May 21, 2026

OVERGEAR LIMITED (“Overgear,” “we,” “us,” or “our”) respects our Users' rights and is committed to protecting your privacy and keeping private data confidential. We take full responsibility for keeping your personal data (“Personal Data”) confidential and secure. This Privacy Policy outlines how we collect, store, process, share, and protect your Personal Data in compliance with applicable laws, including the General Data Protection Regulation (GDPR). This Privacy Policy applies only to data collected on the Overgear Website and its associated resources and does not extend to third-party websites linked from our Website.
By creating an Overgear Account or using our Website and Services, you consent to the collection and use of your Personal Data as described herein and in our Terms and Conditions (hereinafter referred to as the “User Agreement”). For complete details on the information we collect and how it is used, please review our full Privacy Policy. Any provision of the current document is only valid on the Overgear Website and associated resources.
We process Personal Data only where we have a lawful basis to do so, including where processing is necessary for the performance of a contract, compliance with legal obligations, Overgear’s legitimate interests, or where the User has provided consent for specific processing activities.
If you have any questions, please contact our Customer Service at support@overgear.com or through Customer Support.

1. What Personal Data Do We Collect?
Depending on how you use the Platform, we may collect and process the following categories of Personal Data:
Account and registration data:
  • email address;
  • username, nickname or display name;
  • social login or social media profile identifiers, where used for registration or login;
  • account ID, internal user ID, User role, account type, account status and related account information.
Seller / Booster registration and verification data:
  • first name and last name;
  • date of birth or age confirmation;
  • contact details, including email address, phone number and messenger details;
  • residential address, where required;
  • copies or details of identity documents, where required for verification;
  • tax, payout, payment or compliance-related information required to verify and administer Seller status and payouts.
Contact and communication data:
  • phone numbers, WhatsApp numbers, Telegram, Skype, Discord or other messenger identifiers;
  • communication preferences, consent and opt-out records;
  • Intercom identifiers;
  • customer support messages, chat transcripts, order-related communications and support history.
Order and transaction-related data:
  • order details, selected services or goods, delivery details and order status;
  • game-specific information provided by the User where necessary for order delivery, such as server names, character names, in-game identifiers or other delivery-related information;
  • transaction amount, transaction date, payment method, payment identifiers, refund records, chargeback records, internal transaction records and related reconciliation information.
Payment-related data:
  • limited payment-related information necessary to administer purchases, refunds, chargebacks, reconciliation, fraud prevention and compliance;
  • payment identifiers, payment status, transaction references, masked card details, card type, expiry date, last four digits, billing details or payment tokens, where made available by payment service providers.
Full card numbers, cardholder credentials and sensitive payment authentication data are processed by certified third-party payment service providers, acquiring banks or payment processors. Overgear does not intentionally store full payment card numbers, CVV/CVC codes or sensitive authentication data, except where expressly permitted and required under applicable payment provider rules, PCI DSS requirements and applicable law.

KYC/EKYC, AML/CTF, sanctions and fraud prevention data:
  • identity documents and verification results;
  • proof of address, date of birth, nationality or residency information, where required;
  • biometric data, such as facial images or liveness check data, where processed by verification providers for identity verification;
  • sanctions screening results, risk indicators, fraud signals, transaction monitoring data, device data, IP address, geolocation data and source-of-funds or source-of-wealth information where required.
Technical, device and usage data:
  • IP address and approximate location derived from IP address;
  • browser type and version, operating system, device type, device identifiers, user agent, language settings, time zone, screen and viewport parameters;
  • session identifiers, event timestamps, referring domain, URLs and paths visited, navigation events, technical logs, performance metrics and Website usage data.
Analytics and product analytics data:
  • event data, feature usage data, funnel events, performance metrics, interaction data and product analytics data;
  • internal user IDs, email addresses, nicknames, User roles or account types, where such data is processed through self-hosted product analytics tools such as self-hosted PostHog and is reasonably necessary for product analytics, technical diagnostics, internal reporting, fraud or abuse detection, customer support or improvement of the Platform.
Marketing and advertising data:
  • marketing preferences, consent and opt-out records;
  • campaign interactions, promotional code usage, advertising identifiers, cookie identifiers, website behavior, email engagement metrics and similar marketing analytics data, where permitted by applicable law.
Public profile data:
  • nickname;
  • public profile rating;
  • reviews;
  • total number of transactions and success rate;
  • other information that the User intentionally makes public on the Platform.
Where Users choose to save payment credentials for future transactions, such processing is carried out in accordance with the applicable payment provider rules, PCI DSS requirements, and Overgear’s separate Payment Credentials Storage Agreement or equivalent payment credentials terms, where applicable.
In case a User loses access to their Overgear Account or in the case of conflict between Users, Overgear Customer Support is entitled to request a photocopy/scan/photo of an ID (citizen passport, driver’s license, ID card etc.) to validate registration data or the User’s rightful possession of the Overgear Account.
Our Services are intended for individuals who are 18 (eighteen) years of age or older. If you are under 18 (eighteen) (a “Minor”), you must obtain and provide documented parental or legal guardian consent, along with any additional required verification, before accessing our Services. Should we become aware that Personal Data from a Minor has been collected without proper authorization, we will promptly delete that data.

2. How do we process your Personal Data?
Overgear processes your Personal Data strictly in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). Depending on the relevant processing activity, we rely on one or more lawful bases, including performance of a contract, compliance with legal obligations, Overgear’s legitimate interests, and consent where required.
2.1. Processing Necessary for the Performance of a Contract:
We process Personal Data where necessary to provide the Platform and Services, perform our obligations under the Terms and Conditions, and administer the relationship with Users. This includes:
  • account registration, authentication and account management;
  • order placement, order administration and delivery coordination;
  • communication between Buyers, Sellers and Overgear;
  • customer support, dispute handling and Overgear Arbitration;
  • refund administration, chargeback handling and transaction reconciliation;
  • Seller registration, verification, administration of Seller status and payout administration;
  • providing service-related and transactional communications.
2.2. Processing Necessary for Compliance with Legal Obligations:
We may process Personal Data where necessary to comply with legal, regulatory, tax, accounting, AML/CTF, sanctions, fraud prevention, payment, consumer protection, law enforcement, dispute resolution, recordkeeping, reporting or other legal obligations applicable to Overgear.
This may include processing identity verification data, transaction records, payment-related data, tax or payout information, sanctions screening results, fraud monitoring data, chargeback records, communications, and other information required to comply with applicable law or respond to lawful requests from competent authorities.
2.3. Processing Based on Consent:
Where required by applicable law, we process Personal Data based on the User’s consent. This may include certain marketing communications, non-essential cookies, certain analytics or tracking technologies, participation in surveys, promotions or campaigns, and other processing activities where consent is required.
Users may withdraw consent at any time by using the unsubscribe or opt-out mechanism provided in the relevant communication, adjusting available privacy or cookie settings, or contacting us at support@overgear.com or through Customer Support. Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn.
2.4. Processing Based on Overgear’s Legitimate Interests:
  • maintaining, securing and improving the Platform;
  • preventing fraud, abuse, misuse, chargebacks, security incidents and violations of the Terms and Conditions;
  • conducting product analytics, service analytics, internal reporting and business analytics;
  • improving User experience, Website functionality and Platform performance through analytics, product analytics, usage analysis, diagnostics and similar tools, subject to applicable consent or opt-out requirements;
  • measuring marketing effectiveness and, where permitted by applicable law, delivering targeted advertising or personalized content, subject to applicable consent, opt-out, cookie preference and direct marketing requirements;
  • maintaining records of orders, disputes, support interactions and communications;
  • enforcing contractual terms and protecting Overgear, Users, payment partners and third parties;
  • administering internal operations, technical infrastructure, troubleshooting, audits and compliance reviews;
  • sending service-related communications and limited non-promotional communications where permitted by law.
Users have the right to object to processing based on legitimate interests in accordance with applicable law. Users may always object to processing for direct marketing purposes.
2.5. Data Sharing with Third Parties:
Overgear shares your Personal Data strictly as necessary for the purposes described in this Privacy Policy, including to provide, operate, secure, support and improve our Platform, process payments and payouts, administer Orders and refunds, prevent fraud and abuse, comply with legal obligations, conduct analytics and product analytics, provide customer support, and carry out marketing communications where permitted by applicable law.
We process and share Personal Data based on explicit legal grounds such as the performance of a contract, compliance with legal obligations, legitimate interests, or with the User's explicit consent.
The categories of third parties and service providers listed below are intended to describe the main types of recipients and examples of providers used by Overgear. The specific providers, integrations and processing activities may change from time to time depending on the development of the Platform, operational needs, security requirements, payment methods, compliance requirements, and available service providers. Where required by applicable law, Overgear will update this Privacy Policy or provide additional notices regarding material changes.
Categories of third parties we may share Personal Data with include:
  • Partner Companies: Partner companies may assist Overgear in providing, operating, supporting or improving the Platform and related services. Where such partners process Personal Data on behalf of Overgear, they do so under appropriate contractual obligations, including Data Processing Agreements or equivalent data protection terms where required.
  • Payment Systems and Processors: Including emerchantpay, QIWI, Stripe, PayPal, ecommpay, Unlimint, nowpayments, AMEX, and other certified payment providers facilitating secure transactions. Shared data includes names, email addresses, IP addresses, transaction details, payment identifiers, and related billing information. Shared data may include names, email addresses, billing details, IP addresses, transaction details, payment identifiers, masked card details, payment method information, refund records, chargeback records, payout details and related reconciliation or compliance information. Full card numbers, cardholder credentials and sensitive payment authentication data are processed by certified third-party payment service providers, acquiring banks or payment processors. Overgear does not intentionally store full payment card numbers, CVV/CVC codes or sensitive authentication data, except where expressly permitted and required under applicable payment provider rules, PCI DSS requirements and applicable law.
Identity Verification & KYC Providers:
  • Sumsub: Conducts identity verification, Know Your Customer (KYC) procedures, Anti-Money Laundering (AML) screenings, fraud prevention, and compliance with AML/CFT regulations. Processed data includes government-issued identification documents (e.g., passport or identity cards), contact information (email, phone number), masked banking/card details, geolocation data (IP address and general geographic location), and information related to source of funds checks. Sumsub may independently process anonymized or aggregated data to enhance its fraud detection and risk scoring capabilities. All international data transfers comply with applicable data protection laws and utilize appropriate safeguards such as Standard Contractual Clauses (SCCs).
Analytics & Behavioral Tracking Providers:
  • Mixpanel: Collects and analyzes detailed User interaction data including personal identifiers (IP addresses, browser information, interaction metrics) and aggregated usage data for analytics and event tracking purposes.
  • Hotjar: Collects heatmaps, clicks, mouse movements, session recordings, IP addresses (anonymized within 30 (thirty) days), device data, and User feedback for Website usability enhancement. Hotjar complies fully with GDPR and applicable privacy laws.
  • Google Analytics (GA4): Collects only anonymized, cookie-based browser data to analyze User interactions.
  • PostHog: Overgear may use a self-hosted PostHog instance for product analytics, event-based analytics, feature usage analysis, feature flags, error tracking and related technical diagnostics. Where PostHog is self-hosted, analytics data is processed on infrastructure controlled by Overgear or its authorised hosting providers and is not sent to PostHog’s cloud analytics environment. PostHog may process account-linked and technical data, including internal user IDs, email addresses, nicknames, User roles or account types, device and session identifiers, event history, feature usage, URLs or paths visited, browser and device information, timestamps, and approximate location derived from IP address, where reasonably necessary for analytics, diagnostics, internal reporting, fraud or abuse detection, customer support, error tracking, feature flagging or Platform improvement. Where technically feasible, Overgear configures self-hosted PostHog to reduce or discard stored IP address data and applies data minimisation, masking, redaction, URL sanitisation, access controls and retention limits. Overgear does not intentionally send payment card data, sensitive authentication data, KYC documents, passwords, private chat content, full account credentials, or other sensitive information to PostHog.
Advertising & Marketing Trackers (Frontend and Backend):
  • Bing (Microsoft Ads), Google Ads, Facebook Ads, Red Tracker: Collect only anonymized, cookie-based browser data for targeted advertising and performance analysis. No direct personal identifiers beyond cookies are transmitted to these trackers.
CRM & Customer Support Providers:
  • Salesforce: Manages User relationships, communications, and support, processing contact details, User profiles, support inquiries, and transaction histories. Salesforce adheres to GDPR standards, using SCCs or equivalent safeguards for international data transfers.
  • Intercom: Facilitates User communications and support, processing contact details, chat transcripts, support interactions, device data, and service usage (IP addresses, browser data). Compliant with GDPR standards, including international data transfer safeguards.
Messaging, WhatsApp, SMS and Communication Integration Providers:
  • Overgear may use WhatsApp Business solution providers, SMS providers, Octopods or similar messaging integration providers to support customer communications, service-related messages, order-related communications, delivery coordination, support, reactivation, marketing communications where permitted, and communication preference management.
  • Such providers may process phone numbers, WhatsApp numbers, messaging identifiers, communication history, message delivery status, opt-in and opt-out records, communication preferences, User IDs and related support or order information.
  • A User’s provision of a phone number for urgent, emergency, order-related, delivery, support, security or compliance purposes does not, by itself, constitute consent to receive marketing communications. Marketing communications by SMS, WhatsApp or similar channels will be sent only where permitted by applicable law and platform rules.
Marketing Automation Providers:
  • Maestra: Manages personalized marketing communications, processing email addresses, User interactions, site behavior, and promotional metrics under a Master Service Agreement and DPA, compliant with GDPR, using SCCs for international transfers.
Fraud Prevention & Risk Management Providers:
  • Sift: Detects and prevents fraud by analyzing User identifiers, contact details, transaction data, device metadata, IP addresses, and limited payment details using proprietary machine-learning techniques. Ensures secure handling, anonymization, and GDPR compliance.
Technical Monitoring & Security Providers:
  • Datadog: Monitors infrastructure, processing IP addresses, system logs, technical metadata, session and account details, device and browser information. Datadog provides data encryption, security certifications (ISO 27001, SOC 2 Type II), immediate breach notifications, and international transfers using SCCs.
Hosting, Cloud, Backup and Infrastructure Providers:
  • Overgear may use hosting, cloud, backup, infrastructure and technical service providers to host, store, back up, secure, monitor and maintain the Platform and related systems. Such providers may include OVH, DigitalOcean, Contabo, UltaHost, AWS for backups, and other authorised hosting, cloud, backup or infrastructure providers used by Overgear from time to time.
  • Such providers may process Personal Data including account data, technical data, logs, IP addresses, device and browser information, order-related data, communication data, analytics data, backup data and other information necessary for hosting, storage, backups, security, availability, troubleshooting, disaster recovery, infrastructure monitoring and operation of the Platform.
  • Where such providers process Personal Data outside the EEA, Overgear relies on appropriate safeguards as described in the International Data Transfers section of this Privacy Policy.
Internal Communication Platforms:
  • Slack: Facilitates internal team communication. Limited Personal Data, such as usernames or details related to User support requests, may occasionally be shared internally via Slack solely for administrative purposes, internal support resolution, and efficient processing of user requests. Slack complies with GDPR standards, ensuring adequate data protection through contractual safeguards such as Standard Contractual Clauses (SCCs).
Automation & Integration Tools:
  • Make (Celonis): Automates workflows, processing Personal Data (contact details, usernames, usage data, device information) under Celonis’s Master Services Agreement, DPAs, and SCCs for international data transfers.
Form Submission and Data Collection Providers:
  • Jotform: Used for online form management, including recruiting Boosters (Sellers) and processing User data erasure (GDPR Right to Erasure requests). Data processed via Jotform includes names, surnames, usernames, email addresses, phone numbers, messenger details (WhatsApp, Telegram, Skype, Discord), date of birth, copies of identification documents (such as passports), and other relevant Personal Data strictly necessary for identity verification, service provision, recruitment processes, payment processing, regulatory compliance, and fulfillment of data subject requests (e.g., erasure requests). Data is stored securely by Jotform under GDPR-compliant standards, including PCI DSS certification, and protected by Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) for international transfers.
Internal Tools:
  • Retool (if applicable): May be used internally to manage dashboards and user-related applications configured by Overgear. Retool might temporarily store, process, or transmit limited User Personal Data such as usernames, contact information, or transaction-related data, strictly for internal administrative purposes, support operations, or service improvement. Retool processes data solely in line with Overgear’s documented instructions and does not permanently retain personal data beyond the duration necessary for processing purposes. All international data transfers via Retool are secured by GDPR-compliant safeguards, including Standard Contractual Clauses (SCCs).
Law Enforcement and Regulatory Authorities:
  • We may disclose Personal Data when legally required, upon receiving valid legal requests and proper documentation.
Promotional Activities:
  • During marketing campaigns, Overgear securely collects and transfers engagement data (promotional codes, interactions) to analytics and marketing platforms (Maestra, Mixpanel), strictly complying with GDPR.
Booster / Seller-specific Data:
  • Overgear may share Seller / Booster-specific Personal Data with payment providers, payout providers, identity verification providers, KYC/EKYC providers, fraud prevention providers, tax or compliance advisers and other relevant service providers where necessary to register and verify Sellers, administer Seller status, manage payouts, prevent fraud, comply with legal obligations and enforce the Terms and Conditions.
Data Processing Agreements (DPAs) and Safeguards:
  • Where third-party providers process Personal Data on behalf of Overgear, we enter into Data Processing Agreements or equivalent data protection terms where required by applicable law. Processing by processors is governed by contracts or other legal acts that set out the subject matter, duration, nature and purpose of processing, types of Personal Data, categories of data subjects and the obligations and rights of the controller, as required under applicable data protection laws.
  • If a provider fails to demonstrate appropriate data protection standards or refuses to enter into required data protection terms, Overgear may suspend, restrict or terminate data sharing with that provider until appropriate safeguards are confirmed.
International Transfers:
  • Where Personal Data is transferred outside the EEA, we rely on appropriate transfer mechanisms and safeguards as required by applicable data protection laws, including adequacy decisions, Standard Contractual Clauses, transfer impact assessments, supplementary safeguards or other lawful transfer mechanisms where applicable.
Consent & Opt-out:
Where processing or sharing of Personal Data for marketing, advertising, analytics, product analytics, cookies or similar tracking technologies requires consent under applicable law, Overgear will request such consent separately.
Marketing, promotional, reactivation, upsell, cross-sell, newsletter or similar commercial communications will be sent only where permitted by applicable law, including on the basis of consent, soft opt-in where legally available, or another applicable lawful basis.
Users may withdraw consent or opt out of marketing communications at any time by using the unsubscribe or opt-out instructions included in the relevant message, adjusting available privacy or cookie settings, or contacting Customer Support at support@overgear.com.
Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn.
For detailed information on cookies used, see our separate Cookie Policy available on our Website.
2.6. Technical and Service Communications:
We may use email, Platform chat, Intercom, WhatsApp, SMS, phone calls, or similar communication channels to send service-related and transactional communications, including messages concerning account registration, orders, delivery coordination, customer support, disputes, refunds, payments, security alerts, account notices, policy updates, compliance checks, KYC/EKYC requests, fraud prevention and other communications necessary to provide the Services, perform the Terms and Conditions, comply with legal obligations, or protect Overgear’s and Users’ legitimate interests.
Marketing, promotional, reactivation, upsell, cross-sell, newsletter, or similar commercial communications by email, SMS, WhatsApp, Intercom, Maestra or other channels will be sent only where permitted by applicable law, including on the basis of consent, soft opt-in where legally available, or another applicable lawful basis.
A User’s provision of a phone number for urgent, emergency, order-related, delivery, support, security or compliance purposes does not, by itself, constitute consent to receive marketing communications. Similarly, a User’s decision to contact Overgear through WhatsApp, SMS, Intercom or another messaging channel does not, by itself, constitute consent to be added to marketing subscriber lists.
Users may opt out of marketing communications at any time by following the unsubscribe or opt-out instructions included in the relevant message, replying with an applicable opt-out keyword where supported, adjusting communication preferences where available, or contacting Customer Support.
We maintain records of communication preferences, consents, opt-ins, opt-outs and unsubscribe requests where necessary to comply with applicable laws, platform rules and internal compliance procedures.

3. Cases in which Overgear collects and processes Personal Data
We collect your Personal Data in specific cases during your interaction with our Website and Services, including:
  • Website Visits: When Users visit the Website or use the Platform, we may automatically collect technical data, including IP address, device and browser information, session identifiers, pages visited, URLs or paths, timestamps, cookies and similar identifiers, performance data and security logs. We use this data for Website functionality, security, fraud prevention, bot detection, troubleshooting, analytics, product analytics, error tracking and service improvement. IP addresses and technical logs used for security, fraud prevention, payment risk checks, abuse prevention or compliance may be retained for a period reasonably necessary for those purposes, including where required by payment providers or applicable law. IP addresses and similar technical data used primarily for product analytics are subject to separate retention limits and, where technically feasible, may be anonymised, truncated, discarded or aggregated.
  • Account Creation and Updates: When registering or updating your Overgear Account, we collect your email address, username, and social network profile (if registered via social login).
  • Chat Communications: Your messages exchanged in Online Chat are stored to facilitate the provision of Seller Services, maintain quality, and ensure compliance with platform rules.
  • Order Placement: We process Personal Data necessary to administer Orders, payments, refunds, delivery coordination, fraud prevention and customer support. Certain payment methods may require additional information, such as full name, billing address, country, city, phone number, postcode, payment identifiers, or other payment-related details required by the relevant payment provider. Payments are processed through certified third-party payment service providers, acquiring banks, payment processors, card schemes or other payment partners. Full card numbers, CVV/CVC codes and other sensitive payment authentication data are processed by such certified third-party providers and are not intentionally stored by Overgear. Overgear may receive and securely store limited payment-related data necessary for transaction administration, refunds, chargebacks, reconciliation, fraud prevention and compliance, such as the payer’s name, billing details, transaction references, payment status, payment method, payment identifiers, masked card details, card type, card expiry date, last four digits, payment tokens, chargeback records and refund records. Where Users choose to save payment credentials for future transactions, such processing is carried out in accordance with applicable payment provider rules, PCI DSS requirements, and Overgear’s Agreement on the Storage and Usage of Credentials on File or equivalent payment credentials terms.
  • Post-Purchase Information: Additional game-specific details (e.g., server or character names) provided after placing an Order are stored securely to enable efficient delivery of services.
  • Identity Verification, Fraud Prevention & KYC: We may collect and process Personal Data including full name, date of birth, contact information, residential address, proof of address, biometric data (such as facial images or liveness check data), geolocation data (IP address), government-issued identification documents, transaction history, payment-related data, source-of-funds or source-of-wealth information, device data, risk signals, screening results, fraud indicators and other relevant information required to comply with Know Your Customer (KYC), Anti-Money Laundering (AML), fraud prevention, and AML/CFT regulations. Data is securely processed and transferred through GDPR-compliant third-party providers such as Sumsub and Sift.
  • Online Forms and Data Collection (Jotform): We may collect and process Personal Data via online forms powered by Jotform for purposes such as identity verification, Seller recruitment, service delivery, processing requests for exercising data subject rights (including GDPR Right to Erasure requests), and compliance with legal obligations. Collected data typically includes name, surname, usernames, email addresses, phone numbers, messenger contacts, birthdates, identity document copies (e.g., passports), and other necessary data. Jotform securely processes and stores data under GDPR-compliant standards, with international data transfers protected by Standard Contractual Clauses (SCCs).
  • Marketing & Analytics: With your explicit consent, we collect and transfer Personal Data to marketing and analytics partners for Website usage analysis and advertising campaign management. Data collected and transferred includes IP addresses, cookies, device and browser identifiers, behavioral metrics, and other interactions with our Website and advertisements. Such data processing is performed by third-party providers including Maestra, Mixpanel, Hotjar, Google Analytics, Facebook Ads, Bing Ads, Google Ads, Red Tracker, and other services as detailed in Section 2.4 of this Privacy Policy. We may use self-hosted PostHog within the EEA for product analytics and event-based analytics. Such analytics may include account-linked identifiers, including internal user IDs, email addresses, nicknames, User roles or account types, where reasonably necessary for product analytics, internal reporting, technical diagnostics, feature usage measurement, fraud or abuse detection, customer support or improvement of the Platform. We do not intentionally send payment card data, sensitive authentication data, KYC documents, passwords, private chat content, full account credentials or other sensitive information to product analytics tools.
  • Technical Infrastructure & Security: To ensure the stability, security, and performance of our technical infrastructure, we collect technical data including IP addresses, device and browser metadata, technical logs, and session details. This data is processed by trusted third-party providers (e.g., Datadog) implementing stringent security measures and international safeguards, such as Standard Contractual Clauses (SCCs), to guarantee data protection.
  • Booster-specific Data Collection and Processing: To register, verify identity, manage payouts, and deliver Booster (Seller) services, Overgear collects and processes Personal Data including full name, residential address, date of birth, contact information (email, WhatsApp, Telegram, Skype, Discord), copies of identification documents (such as passports), and payment processing details (name, phone number, payment card details). Payment card details are securely processed exclusively through certified payment service providers and stored in compliance with the applicable data protection and PCI DSS standards. Overgear processes this data strictly to fulfill contractual obligations, facilitate secure transactions, perform identity verification, and ensure compliance with relevant regulatory requirements.
  • Phone Numbers, WhatsApp, SMS and Messaging Contacts: We may request that Users provide phone numbers, WhatsApp numbers or other messaging contact details for urgent, emergency, order-related, customer support, delivery coordination, dispute resolution, refund, payment, security, compliance or account-related communications. Such data may be collected through the Platform, order forms, delivery details forms, Intercom workflows, customer support chats, WhatsApp, SMS or similar communication channels. Where providing a phone number is optional, Users may choose not to provide it. Where a phone number is necessary for a specific service, order type, delivery coordination, fraud prevention, security, compliance or customer support process, we will inform Users accordingly at or before the point of collection.
During promotional activities—such as Special Campaigns (in accordance with the Overgear Bonus Policy), marketing events, and similar initiatives—we may collect additional User data specifically to manage and track event participation. Such data may include:
  • Promotional codes and registration details;
  • Engagement metrics and user interactions specific to events or campaigns.
This Personal Data is securely transmitted to trusted third-party analytics and marketing platforms (such as Maestra and Mixpanel) solely for processing and analytical purposes. Such transfers are performed in strict compliance with applicable data protection laws, including GDPR, and subject to the same rigorous safeguards as applied to our standard data processing operations.
Data processing for promotional and marketing purposes is conducted exclusively with your explicit consent. You have the right to withdraw this consent or opt out at any time by contacting our Customer Service at support@overgear.com.
Controller Information:
All Personal Data of users is legally stored and managed in compliance with data processing legislation, including GDPR and the Law on Personal Data Protection.
OVERGEAR LIMITED is the controller for the storage and processing of Personal Data, with its registered address at Diagorou 4, Kermia Building, 3rd floor, office 304, 1097, Nicosia, Cyprus.

4. Storage and processing of Personal Data
Overgear stores and processes Personal Data using secure infrastructure and trusted hosting, cloud, backup, infrastructure and technical service providers selected with regard to data protection, security, reliability and operational requirements.
OVH is Overgear’s primary hosting and infrastructure provider for the Platform. Personal Data may also be stored, backed up, or otherwise processed through other hosting, cloud, backup and infrastructure providers used by Overgear from time to time, including but not limited to:
  • OVH;
  • DigitalOcean;
  • Contabo;
  • UltaHost;
  • AWS, including for backup and disaster recovery purposes;
  • other authorised hosting, cloud, backup, infrastructure or technical service providers.
The specific hosting, cloud, backup and infrastructure providers, data centre locations and regions used by Overgear may vary depending on technical, security, operational, compliance and business requirements.
Where Overgear uses self-hosted tools, including self-hosted PostHog for product analytics, such tools are configured on infrastructure controlled by Overgear or its authorised hosting providers.
Some service providers may process Personal Data in jurisdictions outside the EEA where necessary for the purposes described in this Privacy Policy, including hosting, backups, customer support, payments, KYC/EKYC, fraud prevention, sanctions screening, analytics, product analytics, marketing automation, infrastructure monitoring, security, workflow automation and other operational or compliance purposes. International transfers are handled in accordance with Section 5 of this Privacy Policy.
Overgear applies appropriate technical and organisational measures designed to protect Personal Data against unauthorised access, loss, misuse, alteration, disclosure or destruction.

5. International Data Transfers
Personal Data may be transferred to, stored in, or accessed from countries outside the EEA where necessary for the purposes described in this Privacy Policy, including where Overgear uses hosting, cloud, backup, infrastructure, payment, KYC/EKYC, fraud prevention, analytics, product analytics, customer support, marketing, security, communication, workflow automation or other service providers located in or providing services from other jurisdictions.
Where Personal Data is transferred outside the EEA, Overgear relies on appropriate transfer mechanisms and safeguards as required by applicable data protection laws, including adequacy decisions, Standard Contractual Clauses, transfer impact assessments, supplementary safeguards, or other lawful transfer mechanisms where applicable.
Overgear periodically reviews its service providers, hosting locations, backup locations and transfer mechanisms to maintain an appropriate level of protection for Personal Data.

6. Publicly Available Data
To encourage interaction between Users, the following data may be publicly displayed on our Website:
  • Your nickname;
  • Personal Profile rating;
  • Reviews left by other Users;
  • Total number of transactions and success rate.
Additional Points:
  • Any other data you provide in your personal Profile or share with a Seller during a Deal will remain private and is not subject to public display under this Privacy Policy.
  • You are solely responsible for the Personal Data you choose to publish. Please be mindful that sharing sensitive contact details (such as phone numbers or email addresses) in public areas may lead to your Account being blocked, in accordance with our User Agreement.
  • We take steps to secure the privacy of all correspondence between Buyers and Sellers conducted via our Website. However, you should always exercise caution when sharing personal information.

7. Data Protection and Security Measures
Overgear employs comprehensive security practices to protect your Personal Data in compliance with GDPR and applicable data protection laws. Our security framework includes:
  • Secure Data Storage: Data is stored securely and processed automatically on protected servers.
  • Restricted Data Access: Only authorized Overgear personnel can access your data strictly to provide and enhance services.
  • Technical Safeguards: Utilization of encryption, firewalls, and ongoing risk assessments.
  • Staff Training: Mandatory information security training for all employees.
  • Payment Security: Payments are processed through certified third-party payment service providers, acquiring banks, payout providers or other payment partners. Overgear does not intentionally store full payment card numbers, CVV/CVC codes or sensitive authentication data. Limited payment-related data may be processed for order administration, refunds, chargebacks, reconciliation, fraud prevention and compliance.
  • Security Incident Response: In the event of a suspected or confirmed Personal Data breach, Overgear will take appropriate steps to investigate, mitigate and remediate the incident and, where required by applicable law, notify affected Users and competent supervisory authorities.

8. Users’ rights regarding their Personal Data and the Website
In compliance with GDPR, you have the following rights regarding your Personal Data:
8.1. Right to Access:
You may request information about what Personal Data we store and how we use it.
8.2. Right to Rectification:
You may ask us to correct, update, or delete your Personal Data if inaccurate, incomplete, or outdated.
8.3. Right to Restriction of Processing:
You may request that we restrict data processing, such as unsubscribing from marketing communications.
8.4. Right to Erasure (“Right to be Forgotten”):
You may request complete deletion of your Personal Data. Note that transaction history or data necessary for legal compliance may be retained.
8.4.1. To exercise your right to erasure under Article 17 of the GDPR, please complete our Erasure Request Form. The form requires you to provide your full name, contact details, and the necessary identification documents (e.g., a copy of your passport, driver’s license, or national ID) to verify your identity. Once we receive your complete request along with all required documentation, we will review your submission and respond within 1 (one) month. Please note that if the provided documentation is incomplete, your request may be delayed until sufficient evidence is submitted.
8.5. Right to Data Portability: You may request a structured, machine-readable copy of your data for transfer to another service provider.
8.6. Right to Object: You may object to data processing for purposes including direct marketing, research, or analytics.
8.7. Right Against Automated Decision-Making: You have the right to oppose decisions based solely on automated processing, including profiling.
8.8. Right to Lodge a Complaint: If you believe your GDPR rights have been violated, you may file a complaint with the relevant supervisory authority.
8.9. Right to Manage Consent: You have the right to manage or withdraw your consent for processing activities at any time. You can do so by contacting Customer Support at support@overgear.com.
To exercise these rights, contact us at support@overgear.com or use our dedicated online form. Overgear responds to all valid GDPR-related requests within 30 (thirty) days, unless legally permitted extensions apply.
8.10. Overgear reserves the right to refuse any request for data erasure or access that is manifestly unfounded or excessive, in accordance with Article 12(5) of the GDPR. In such cases, we may charge a reasonable fee for processing the request. This measure is implemented to ensure that processing such requests does not impose an undue burden on our systems and to protect the rights and freedoms of other Users.
8.11. California Residents (CCPA): Where applicable, California residents may have additional rights under California privacy laws, including rights to know, access, delete, correct and opt out of certain uses or disclosures of Personal Information. Overgear does not sell Personal Data in the ordinary meaning of “sale.” To exercise applicable rights, please contact us at legal@overgear.com.
8.12. If you have concerns or complaints regarding Overgear’s compliance with personal data protection laws, you have the right to contact the relevant supervisory authority:
Office of the Commissioner for Personal Data Protection (Cyprus)
Website: http://www.dataprotection.gov.cy
Email: commissioner@dataprotection.gov.cy
Phone: +357 22 818456

9. Disclaimer Regarding External Content and Links
Users of Overgear may post content and links to external resources in accordance with our User Agreement. To safeguard Personal Data, our Customer Service team monitors compliance with these provisions and removes any user-posted content (or User-Generated Content) or links that pose a security risk to other Users. Please note that while we review such submissions for potential threats, we do not re-moderate posted products, auctions, or online chats once they have been approved.
By posting or interacting with external content, you acknowledge that Overgear is not affiliated with these external resources and does not endorse their content or practices. Consequently, Overgear expressly disclaims any direct or indirect liability for any damages, data loss, or account data theft that may result from following external links or engaging with content on third-party sites. Users are strongly advised to exercise caution and review the privacy and security policies of any external sites they visit, as Overgear does not control or guarantee the practices or content of such sites.

10. Data Breach Notification
In the event of a data breach or unauthorized access to Personal Data, Overgear will promptly notify affected Users and the relevant regulatory authorities in accordance with applicable law. We will take immediate steps to investigate the incident, mitigate its effects, and prevent future breaches. Detailed information and recommendations will be provided to affected Users as soon as possible.

11. Account Security and Protection
To safeguard your Account, we recommend that you:
  • Use strong, unique passwords and change them regularly.
  • Enable two-factor authentication, if available.
  • Keep your login credentials confidential.
  • Immediately notify Customer Support if you suspect any unauthorized activity.
While Overgear employs robust security measures, you are also responsible for maintaining the security of your Account.

12. Advertising and Marketing Communications
Where permitted by applicable law, Overgear may use Personal Data to send marketing, promotional, reactivation, upsell, cross-sell, newsletter or similar commercial communications by email, SMS, WhatsApp, Intercom, Maestra or other channels.
Such communications will be sent only where permitted by applicable law, including on the basis of consent, soft opt-in where legally available, or another applicable lawful basis.
Users may opt out of marketing communications at any time by using the unsubscribe or opt-out instructions included in the relevant message, replying with an applicable opt-out keyword where supported, adjusting communication preferences where available, or contacting Customer Support.
Opting out of marketing communications does not prevent Overgear from sending service-related, transactional, security, legal, compliance, account-related or order-related communications that we are permitted or required to send.
Users may opt out of marketing communications, targeted advertising, sale or sharing of Personal Data, profiling, or similar processing activities where such rights are available under applicable law.
Overgear will provide appropriate opt-out mechanisms, including through cookie settings, privacy preference tools, unsubscribe links, Customer Support, or other methods made available on the Platform.
Opting out of marketing, targeted advertising or personalization does not prevent Overgear from sending service-related, transactional, security, legal, compliance or account-related communications where such communications are necessary or permitted by applicable law.

13. Cookies and Tracking Technologies
Overgear uses cookies, web beacons, pixels, tags, SDKs and similar tracking technologies to operate the Website and Platform, improve service quality, analyze User behavior, measure Website and Platform performance, support product analytics, remember User preferences, ensure security, prevent fraud, and, where permitted, deliver personalized content or advertising.
Depending on the User’s location and applicable law, certain Cookies and similar technologies may be used only after the User has provided consent, while others may be used under an opt-out model where legally permitted.
Users may manage or change their Cookie Preferences through the cookie banner, cookie preference center, browser settings, device settings, or other tools made available on the Website.
Location-Based Consent and Opt-Out Mechanisms
Depending on the User’s location and applicable law, Overgear may apply different cookie consent, preference management and opt-out mechanisms.
Where prior consent is required by applicable law, non-essential Cookies and similar tracking technologies will be used only after such consent is obtained.
Where applicable law allows an opt-out model, Overgear may use certain analytics, advertising, product analytics or similar technologies by default, provided that Users are given clear information and an effective opportunity to opt out.
The specific categories of technologies enabled by default may vary depending on the User’s location, applicable law, and Overgear’s internal compliance settings. For example, in certain jurisdictions Overgear may enable analytics technologies by default while keeping advertising, retargeting, personalization or similar technologies disabled until the User makes a choice.
Where required by applicable law, Overgear will honor applicable opt-out preference signals, such as Global Privacy Control or other legally recognized universal opt-out mechanisms.
For more detailed information, please refer to our Cookie Policy.

14. Data Retention and Deletion
We retain Personal Data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including account administration, order administration, customer support, dispute resolution, refund processing, fraud prevention, security, compliance, accounting, tax, AML/CTF, sanctions screening, legal claims and enforcement of our Terms and Conditions.
Retention periods may vary depending on the type of data, purpose of processing, applicable legal requirements, payment provider rules, dispute or chargeback periods, fraud prevention needs, security requirements and operational necessity.
Account-related information is generally retained while the Account remains active and for a reasonable period after deactivation where necessary for legal, security, dispute resolution, fraud prevention or compliance purposes.
Transaction, payment, accounting and tax-related records may be retained for the period required by applicable law, generally up to 5 (five) years or longer where required by law or necessary for legal claims, audits, chargebacks or regulatory purposes.
Chat, support and communication data may be retained for up to 3 (three) years after the last interaction, unless a longer period is necessary for dispute resolution, legal claims, fraud prevention, compliance or security purposes.
KYC/EKYC, AML/CTF, sanctions screening and fraud prevention data may be retained for the period required by applicable law, regulatory obligations, payment provider requirements, risk management, fraud prevention or legal claims.
Analytics and product analytics data, including data processed through self-hosted tools such as PostHog, may be retained for a limited period necessary for product improvement, technical diagnostics, feature usage analysis, business analytics, internal reporting, error tracking, security and fraud or abuse detection.
Where PostHog or similar product analytics tools process IP addresses primarily for product analytics, Overgear seeks to minimise such processing by disabling IP storage, truncating, anonymising, discarding, aggregating or shortening retention where technically feasible.
Full IP addresses processed primarily for product analytics should not be retained longer than necessary for the relevant purpose. Unless a longer period is justified by security, fraud prevention, payment risk, legal, compliance or technical necessity, such data should be retained for no longer than 90 (ninety) days.
Aggregated, anonymised or non-identifiable analytics data may be retained for a longer period for statistical, product improvement, reporting and business analytics purposes.
Consent, opt-in and opt-out records may be retained as necessary to demonstrate compliance with applicable laws, platform rules and internal compliance procedures.
Upon expiration of applicable retention periods, Personal Data will be deleted, anonymized or aggregated unless continued retention is required or permitted by applicable law.

15. Privacy Policy Changes
Overgear reserves the right to modify or update this Privacy Policy at any time to reflect changes in our Services, practices, or legal requirements. In the event that no specific effective date is provided, any material changes will automatically become effective 30 (thirty) days after being posted on this page. We will communicate any material changes to you via email, prominent notices on our Website, and through our Online Chat. Your continued use of our Services after the effective date constitutes your acceptance of the revised terms. We remain committed to respecting our Users’ rights and ensuring transparency in how your Personal Data is managed.

16. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Customer Support at:
  • Email: support@overgear.com
  • Postal Address: Diagorou 4, Kermia Building, 3rd Floor, Office 304, 1097 Nicosia, Cyprus
If your concerns about personal data protection compliance are not addressed satisfactorily, you have the right to lodge a complaint with your local supervisory authority:
  • Office of the Commissioner for Personal Data Protection (Cyprus)
  • Website: http://www.dataprotection.gov.cy
  • Email: commissioner@dataprotection.gov.cy
  • Phone: +357 22 818 456
By using Overgear’s Website and Services, you acknowledge that you have read, understood, and agree to the collection and use of your Personal Data as described in this Privacy Policy.