Help Center
Privacy
OVERGEAR PRIVACY POLICY
Last Updated: June 25, 2025
OVERGEAR LIMITED (“Overgear,” “we,” “us,” or “our”), respects our Users' rights and are committed to protecting your privacy and keeping private data confidential. We take full responsibility for keeping your personal data (“Personal Data”) confidential and secure. This Privacy Policy outlines how we collect, store, process, share, and protect your Personal Data in compliance with applicable laws—including the General Data Protection Regulation (GDPR). This Privacy Policy applies only to data collected on the Overgear Website and its associated resources and does not extend to third-party websites linked from our Website.
By creating an Overgear Account or using our Website and Services, you consent to the collection and use of your Personal Data as described herein and in our Terms and Conditions (hereinafter referred to as the “User Agreement”). For complete details on the information we collect and how it is used, please review our full Privacy Policy. Any provision of the current document is only valid on the Overgear Website and associating resources.
If you have any questions, please contact our Customer Service at support@overgear.com or via our Online Chat.
1. What Personal Data Do We Collect?
At Overgear, we collect Users’ Personal Data on a voluntary basis and in strict compliance with current personal data protection legislation, including the GDPR. The following categories outline the types of data we may request at various stages of registration, while using our Website, and during transaction processing:
Overgear securely stores certain limited payment information necessary to process your transactions efficiently and ensure regulatory compliance. This information may include your name, surname, payment card details (such as card number, expiry date, and Primary Account Number (PAN)). Please note that we store only the minimal required data for processing your payments and strictly adhere to applicable security standards and regulations. We never store sensitive authentication data (such as CVV or full authentication details), and your card information is always securely processed and protected in accordance with GDPR and industry-standard security measures (PCI DSS). For details on storage and usage of your payment data, please refer to our detailed Payment Credentials Storage Agreement.
In case a User loses access to their Overgear Account or in the case of conflict between Users, Overgear Customer Support is entitled to request a photocopy/scan/photo of an ID (citizen passport, driver’s license, ID card etc.) to validate registration data or the User’s rightful possession of the Overgear Account.
Our Services are intended for individuals who are 18 (eighteen) years of age or older. If you are under 18 (eighteen) “Minor”, you must obtain and provide documented parental or legal guardian consent, along with any additional required verification, before accessing our Services. Should we become aware that Personal Data from a Minor has been collected without proper authorization, we will promptly delete that data.
2. How do we process your Personal Data?
Overgear processes your Personal Data strictly in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). Our processing activities rely on three principal legal bases: contractual obligations, User consent, and legitimate interests. Under the GDPR, we must always have a lawful basis for processing your Personal Data.
2.1. Processing Based on Contractual Obligations:
When you create an Overgear Account and use our Services, we process your Personal Data to perform essential activities necessary for fulfilling our contractual obligations, including:
2.2. Processing Based on Your Consent:
Overgear processes Personal Data for additional activities beyond essential contractual requirements only with your explicit consent. These purposes include:
You may withdraw your consent or opt out of marketing-related communications and processing activities at any time by contacting Customer Service at support@overgear.com or through provided opt-out instructions.
2.3. Processing Based on Overgear’s Legitimate Interests:
Overgear may process your Personal Data when necessary for legitimate business interests, provided these interests do not outweigh your privacy rights. Our legitimate interests include:
2.4. Data Sharing with Third Parties:
Overgear shares your Personal Data strictly as necessary to provide and improve our Services, always ensuring compliance with applicable data protection legislation, including but not limited to the GDPR. We process and share your data based on explicit legal grounds such as the performance of our contractual obligations, compliance with legal requirements, legitimate interests, or with your explicit consent.
Categories of third parties we share Personal Data with include:
Disclaimer on Data Processing Agreements (DPAs): Overgear ensures compliance with applicable data protection laws, including GDPR, by entering into Data Processing Agreements (DPAs) with all third-party providers who process Personal Data on our behalf. We regularly review, monitor, and update these agreements to guarantee ongoing compliance. If we identify any third-party provider that fails to demonstrate sufficient compliance standards or refuses to sign a DPA, Overgear will immediately cease data sharing with that provider until full compliance is confirmed.
Consent & Opt-out:
Data sharing for marketing, advertising, or analytics purposes occurs strictly with your explicit consent, which you may withdraw at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn. To opt out, please contact Customer Service at support@overgear.com.
For detailed information on cookies used, see our separate Cookie Policy available on our Website.
2.5. Technical and Service Communications:
Overgear sends technical and service communications (such as order confirmations, password resets, policy updates) necessary for providing our Services and fulfilling our contractual obligations. Such communications do not require separate consent. Marketing and advertising communications will only be sent with your prior explicit consent, which you can withdraw at any time. Overgear ensures these communications fully comply with GDPR and clearly distinguishes between service-related and marketing communications.
Overgear regularly conducts compliance reviews to ensure that our technical and service communications adhere to applicable data protection laws, including GDPR.
OVERGEAR LIMITED (“Overgear,” “we,” “us,” or “our”), respects our Users' rights and are committed to protecting your privacy and keeping private data confidential. We take full responsibility for keeping your personal data (“Personal Data”) confidential and secure. This Privacy Policy outlines how we collect, store, process, share, and protect your Personal Data in compliance with applicable laws—including the General Data Protection Regulation (GDPR). This Privacy Policy applies only to data collected on the Overgear Website and its associated resources and does not extend to third-party websites linked from our Website.
By creating an Overgear Account or using our Website and Services, you consent to the collection and use of your Personal Data as described herein and in our Terms and Conditions (hereinafter referred to as the “User Agreement”). For complete details on the information we collect and how it is used, please review our full Privacy Policy. Any provision of the current document is only valid on the Overgear Website and associating resources.
If you have any questions, please contact our Customer Service at support@overgear.com or via our Online Chat.
1. What Personal Data Do We Collect?
At Overgear, we collect Users’ Personal Data on a voluntary basis and in strict compliance with current personal data protection legislation, including the GDPR. The following categories outline the types of data we may request at various stages of registration, while using our Website, and during transaction processing:
- Information necessary to create an Account (Overgear Profile): e-mail or social media profiles;
- Information necessary to accredit a User as a Seller: First Name, Last Name;
- Age;
- Phone Number;
- Data received in the course of your use of the Overgear Website and Services: Computer parameters and characteristics;
- IP-address and geographic position;
- Cookie files submitted by your browser;
- Hardware event data including those of any malfunctions and your activity on the Website as well as your browser type, properties and language settings, date and time of a request and the URL used to access the Website;
- We also collect data from service providers (for example, for email newsletters).
Overgear securely stores certain limited payment information necessary to process your transactions efficiently and ensure regulatory compliance. This information may include your name, surname, payment card details (such as card number, expiry date, and Primary Account Number (PAN)). Please note that we store only the minimal required data for processing your payments and strictly adhere to applicable security standards and regulations. We never store sensitive authentication data (such as CVV or full authentication details), and your card information is always securely processed and protected in accordance with GDPR and industry-standard security measures (PCI DSS). For details on storage and usage of your payment data, please refer to our detailed Payment Credentials Storage Agreement.
In case a User loses access to their Overgear Account or in the case of conflict between Users, Overgear Customer Support is entitled to request a photocopy/scan/photo of an ID (citizen passport, driver’s license, ID card etc.) to validate registration data or the User’s rightful possession of the Overgear Account.
Our Services are intended for individuals who are 18 (eighteen) years of age or older. If you are under 18 (eighteen) “Minor”, you must obtain and provide documented parental or legal guardian consent, along with any additional required verification, before accessing our Services. Should we become aware that Personal Data from a Minor has been collected without proper authorization, we will promptly delete that data.
2. How do we process your Personal Data?
Overgear processes your Personal Data strictly in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR). Our processing activities rely on three principal legal bases: contractual obligations, User consent, and legitimate interests. Under the GDPR, we must always have a lawful basis for processing your Personal Data.
2.1. Processing Based on Contractual Obligations:
When you create an Overgear Account and use our Services, we process your Personal Data to perform essential activities necessary for fulfilling our contractual obligations, including:
- Account Registration and Maintenance: Enable your access to our Website and its full functionality.
- Transaction Processing: Facilitate secure payment processing and manage transactions.
- Customer Support: Address inquiries, handle disputes, and provide necessary assistance.
2.2. Processing Based on Your Consent:
Overgear processes Personal Data for additional activities beyond essential contractual requirements only with your explicit consent. These purposes include:
- Communicating with you regarding our products, services, and related promotional activities;
- Delivering personalized, interest-based advertising, including profiling conducted with trusted third-party partners;
- Conducting market research, surveys, contests, prize events, and other promotional activities;
- Developing new marketing campaigns and inviting your participation;
- Attracting new customers, subscribers, or affiliates;
- Advancing our commercial and economic interests within applicable legal boundaries;
- Any other specific purposes explicitly consented to by you.
You may withdraw your consent or opt out of marketing-related communications and processing activities at any time by contacting Customer Service at support@overgear.com or through provided opt-out instructions.
2.3. Processing Based on Overgear’s Legitimate Interests:
Overgear may process your Personal Data when necessary for legitimate business interests, provided these interests do not outweigh your privacy rights. Our legitimate interests include:
- Collecting outstanding payments and enforcing contractual terms;
- Improving user experience through analyzing website usage and interactions;
- Maintaining historical records of orders and interactions to provide personalized recommendations;
- Ensuring the security of our Website and preventing fraud and misuse;
- Delivering targeted advertising based on your browsing activities and interests.
2.4. Data Sharing with Third Parties:
Overgear shares your Personal Data strictly as necessary to provide and improve our Services, always ensuring compliance with applicable data protection legislation, including but not limited to the GDPR. We process and share your data based on explicit legal grounds such as the performance of our contractual obligations, compliance with legal requirements, legitimate interests, or with your explicit consent.
Categories of third parties we share Personal Data with include:
- Partner Companies: Assist Overgear in processing data under strict contractual obligations, including signed Data Processing Agreements (DPAs).
- Payment Systems and Processors: Including emerchantpay, QIWI, Stripe, PayPal, ecommpay, Unlimint, nowpayments, AMEX, and other certified payment providers facilitating secure transactions. Shared data includes names, email addresses, IP addresses, transaction details, payment identifiers, and related billing information.
- Sumsub: Conducts identity verification, Know Your Customer (KYC) procedures, Anti-Money Laundering (AML) screenings, fraud prevention, and compliance with AML/CFT regulations. Processed data includes government-issued identification documents (e.g., passport or identity cards), contact information (email, phone number), masked banking/card details, geolocation data (IP address and general geographic location), and information related to source of funds checks. Sumsub may independently process anonymized or aggregated data to enhance its fraud detection and risk scoring capabilities. All international data transfers comply with applicable data protection laws and utilize appropriate safeguards such as Standard Contractual Clauses (SCCs).
- Mixpanel: Collects and analyzes detailed User interaction data including personal identifiers (IP addresses, browser information, interaction metrics) and aggregated usage data for analytics and event tracking purposes.
- Hotjar: Collects heatmaps, clicks, mouse movements, session recordings, IP addresses (anonymized within 30 (thirty) days), device data, and User feedback for Website usability enhancement. Hotjar complies fully with GDPR and applicable privacy laws.
- Google Analytics (GA4): Collects only anonymized, cookie-based browser data to analyze User interactions.
- Bing (Microsoft Ads), Google Ads, Facebook Ads, Red Tracker: Collect only anonymized, cookie-based browser data for targeted advertising and performance analysis. No direct personal identifiers beyond cookies are transmitted to these trackers.
- Salesforce: Manages User relationships, communications, and support, processing contact details, User profiles, support inquiries, and transaction histories. Salesforce adheres to GDPR standards, using SCCs or equivalent safeguards for international data transfers.
- Intercom: Facilitates User communications and support, processing contact details, chat transcripts, support interactions, device data, and service usage (IP addresses, browser data). Compliant with GDPR standards, including international data transfer safeguards.
- Maestra: Manages personalized marketing communications, processing email addresses, User interactions, site behavior, and promotional metrics under a Master Service Agreement and DPA, compliant with GDPR, using SCCs for international transfers.
- Sift: Detects and prevents fraud by analyzing User identifiers, contact details, transaction data, device metadata, IP addresses, and limited payment details using proprietary machine-learning techniques. Ensures secure handling, anonymization, and GDPR compliance.
- Datadog: Monitors infrastructure, processing IP addresses, system logs, technical metadata, session and account details, device and browser information. Datadog provides data encryption, security certifications (ISO 27001, SOC 2 Type II), immediate breach notifications, and international transfers using SCCs.
- Slack: Facilitates internal team communication. Limited Personal Data, such as usernames or details related to User support requests, may occasionally be shared internally via Slack solely for administrative purposes, internal support resolution, and efficient processing of user requests. Slack complies with GDPR standards, ensuring adequate data protection through contractual safeguards such as Standard Contractual Clauses (SCCs).
- Make (Celonis): Automates workflows, processing Personal Data (contact details, usernames, usage data, device information) under Celonis’s Master Services Agreement, DPAs, and SCCs for international data transfers.
- Jotform: Used for online form management, including recruiting Boosters (Sellers) and processing User data erasure (GDPR Right to Erasure requests). Data processed via Jotform includes names, surnames, usernames, email addresses, phone numbers, messenger details (WhatsApp, Telegram, Skype, Discord), date of birth, copies of identification documents (such as passports), and other relevant Personal Data strictly necessary for identity verification, service provision, recruitment processes, payment processing, regulatory compliance, and fulfillment of data subject requests (e.g., erasure requests). Data is stored securely by Jotform under GDPR-compliant standards, including PCI DSS certification, and protected by Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) for international transfers.
- Retool (if applicable): May be used internally to manage dashboards and user-related applications configured by Overgear. Retool might temporarily store, process, or transmit limited User Personal Data such as usernames, contact information, or transaction-related data, strictly for internal administrative purposes, support operations, or service improvement. Retool processes data solely in line with Overgear’s documented instructions and does not permanently retain personal data beyond the duration necessary for processing purposes. All international data transfers via Retool are secured by GDPR-compliant safeguards, including Standard Contractual Clauses (SCCs).
- We may disclose Personal Data when legally required, upon receiving valid legal requests and proper documentation.
- During marketing campaigns, Overgear securely collects and transfers engagement data (promotional codes, interactions) to analytics and marketing platforms (Maestra, Mixpanel), strictly complying with GDPR.
Disclaimer on Data Processing Agreements (DPAs): Overgear ensures compliance with applicable data protection laws, including GDPR, by entering into Data Processing Agreements (DPAs) with all third-party providers who process Personal Data on our behalf. We regularly review, monitor, and update these agreements to guarantee ongoing compliance. If we identify any third-party provider that fails to demonstrate sufficient compliance standards or refuses to sign a DPA, Overgear will immediately cease data sharing with that provider until full compliance is confirmed.
Consent & Opt-out:
Data sharing for marketing, advertising, or analytics purposes occurs strictly with your explicit consent, which you may withdraw at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn. To opt out, please contact Customer Service at support@overgear.com.
For detailed information on cookies used, see our separate Cookie Policy available on our Website.
2.5. Technical and Service Communications:
Overgear sends technical and service communications (such as order confirmations, password resets, policy updates) necessary for providing our Services and fulfilling our contractual obligations. Such communications do not require separate consent. Marketing and advertising communications will only be sent with your prior explicit consent, which you can withdraw at any time. Overgear ensures these communications fully comply with GDPR and clearly distinguishes between service-related and marketing communications.
Overgear regularly conducts compliance reviews to ensure that our technical and service communications adhere to applicable data protection laws, including GDPR.
3. Cases in which Overgear collects and process Personal Data
We collect your Personal Data in specific cases during your interaction with our Website and Services, including:
Data processing for promotional and marketing purposes is conducted exclusively with your explicit consent. You have the right to withdraw this consent or opt out at any time by contacting our Customer Service at support@overgear.com.
Controller Information:
All Personal Data of users is legally stored and managed in compliance with data processing legislation, including GDPR and the Law on Personal Data Protection.
OVERGEAR LIMITED is the controller for storage and processing of Personal Data, registered to an address Diagorou 4, Kermia Building, 3rd floor, office 304, 1097, Nicosia, Cyprus.
4. Storage and processing of Personal Data
Your Personal Data is securely stored on Overgear servers, located simultaneously at 2 (two) separate data centers:
We implement robust technical and organizational measures—including encryption, firewalls, and strict access controls—to protect your data from unauthorized access, disclosure, alteration, or destruction. In the event of a data security breach, Overgear will follow the procedures outlined in the "Data Breach Notification" section of this Privacy Policy.
In addition to servers located in Moscow (Russian Federation) and Frankfurt (Germany), Personal Data may also be processed, stored, and transferred internationally, including to jurisdictions such as the United States and Ireland, depending on our trusted third-party providers as described in Section 2.4 of this Privacy Policy. All international data transfers are protected using GDPR-compliant safeguards, including Standard Contractual Clauses (SCCs), to ensure adequate data protection.
5. International Data Transfers
Your Personal Data may be transferred and processed outside your country of residence, potentially in countries with different data protection standards. Overgear ensures that all international data transfers comply with GDPR, utilizing approved safeguards such as Standard Contractual Clauses (SCC) to guarantee adequate protection.
6. Publicly Available Data
To encourage interaction between Users, the following data may be publicly displayed on our Website:
Overgear employs comprehensive security practices to protect your Personal Data in compliance with GDPR and applicable data protection laws. Our security framework includes:
8. Users’ rights regarding their Personal Data and the Website
In compliance with GDPR, you have the following rights regarding your Personal Data:
8.1. Right to Access:
You may request information about what Personal Data we store and how we use it.
8.2. Right to Rectification:
You may ask us to correct, update, or delete your Personal Data if inaccurate, incomplete, or outdated.
8.3. Right to Restriction of Processing:
You may request that we restrict data processing, such as unsubscribing from marketing communications.
8.4. Right to Erasure (“Right to be Forgotten”):
You may request complete deletion of your Personal Data. Note that transaction history or data necessary for legal compliance may be retained.
8.4.1. To exercise your right to erasure under Article 17 of the GDPR, please complete our Erasure Request Form. The form requires you to provide your full name, contact details, and the necessary identification documents (e.g., a copy of your passport, driver’s license, or national ID) to verify your identity. Once we receive your complete request along with all required documentation, we will review your submission and respond within 1 (one) month. Please note that if the provided documentation is incomplete, your request may be delayed until sufficient evidence is submitted.
8.5. Right to Data Portability: You may request a structured, machine-readable copy of your data for transfer to another service provider.
8.6. Right to Object: You may object to data processing for purposes including direct marketing, research, or analytics.
8.7. Right Against Automated Decision-Making: You have the right to oppose decisions based solely on automated processing, including profiling.
8.8. Right to Lodge a Complaint: If you believe your GDPR rights have been violated, you may file a complaint with the relevant supervisory authority.
8.9. Right to Managing Consent: You have the right to manage or withdraw your consent for processing activities at any time. You can do so by contacting Customer Support at support@overgear.com.
To exercise these rights, contact us at support@overgear.com or use our dedicated online form. Overgear responds to all valid GDPR-related requests within 30 (thirty) days, unless legally permitted extensions apply.
8.10. Overgear reserves the right to refuse any request for data erasure or access that is manifestly unfounded or excessive, in accordance with Article 12(5) of the GDPR. In such cases, we may charge a reasonable fee for processing the request. This measure is implemented to ensure that processing such requests does not impose an undue burden on our systems and to protect the rights and freedoms of other Users.
8.11. California Residents: Overgear does not sell Personal Data to third parties as defined under the California Consumer Privacy Act (CCPA). Under the California Consumer Privacy Act (CCPA), you have rights regarding your Personal Information, including disclosure, deletion, and opting out of the sale of Personal Data. To exercise these rights, please contact us at support@overgear.com.
8.12. If you have concerns or complaints regarding Overgear’s compliance with personal data protection laws, you have the right to contact the relevant supervisory authority:
Office of the Commissioner for Personal Data Protection (Cyprus)
Website: http://www.dataprotection.gov.cy
Email: commissioner@dataprotection.gov.cy
Phone: +357 22 818456
9. Disclaimer Regarding External Content and Links
Users of Overgear may post content and links to external resources in accordance with our User Agreement. To safeguard Personal Data, our Customer Service team monitors compliance with these provisions and removes any user-posted content (or User-Generated Content) or links that pose a security risk to other Users. Please note that while we review such submissions for potential threats, we do not re-moderate posted products, auctions, or online chats once they have been approved.
By posting or interacting with external content, you acknowledge that Overgear is not affiliated with these external resources and does not endorse their content or practices. Consequently, Overgear expressly disclaims any direct or indirect liability for any damages, data loss, or account data theft that may result from following external links or engaging with content on third-party sites. Users are strongly advised to exercise caution and review the privacy and security policies of any external sites they visit, as Overgear does not control or guarantee the practices or content of such sites.
10. Data Breach Notification
In the event of a data breach or unauthorized access to Personal Data, Overgear will promptly notify affected Users and the relevant regulatory authorities in accordance with applicable law. We will take immediate steps to investigate the incident, mitigate its effects, and prevent future breaches. Detailed information and recommendations will be provided to affected Users as soon as possible.
11. Account Security and Protection
To safeguard your Account, we recommend that you:
12. Advertising and Marketing Communications
With your explicit consent, Overgear may use your Personal Data to deliver targeted advertising and promotional communications. You have the right to opt-out of receiving such communications at any time by using the unsubscribe link in our emails or by contacting our Customer Support. Please note that opting out will not affect your receipt of essential service-related notifications.
13. Cookies and Tracking Technologies
Overgear uses cookies, web beacons, and similar tracking technologies to improve service quality, analyze user behavior, and deliver personalized content and advertising.
Cookies are small text files placed on your device that enable us to provide a seamless login experience, save your settings, and enhance your overall experience on the site. You have the option to manage or disable cookies through your browser settings; however, please note that doing so may affect the functionality of certain site features.
For more detailed information, please refer to our Cookie Policy.
14. Data Retention and Deletion
Your data is retained only for as long as necessary for business or legal purposes. Upon expiration of retention periods, data is securely deleted or anonymized.
Overgear retains your Personal Data for the following periods:
Overgear reserves the right to modify or update this Privacy Policy at any time to reflect changes in our Services, practices, or legal requirements. In the event that no specific effective date is provided, any material changes will automatically become effective 30 (thirty) days after being posted on this page. We will communicate any material changes to you via email, prominent notices on our Website, and through our Online Chat. Your continued use of our Services after the effective date constitutes your acceptance of the revised terms. We remain committed to respecting our Users’ rights and ensuring transparency in how your Personal Data is managed.
16. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Customer Support at:
We collect your Personal Data in specific cases during your interaction with our Website and Services, including:
- Website Visits: We automatically collect your IP address to prevent fraud, enhance security, and ensure proper Website functionality. This data is retained for up to 9 (nine) months as required by payment providers.
- Account Creation and Updates: When registering or updating your Overgear Account, we collect your email address, username, and social network profile (if registered via social login).
- Chat Communications: Your messages exchanged in Online Chat are stored to facilitate the provision of Seller Services, maintain quality, and ensure compliance with platform rules.
- Order Placement: Generally, no additional personal data beyond Account registration is required for placing an Order. However, certain payment methods require further information such as:
- QIWI: phone number.
- VISA/MasterCard (emerchantpay gateway): Full name, address, country, city, phone number, postcode.
- Overgear may securely store limited payment details necessary for transaction processing, such as name, surname, card number, expiry date, and Primary Account Number (PAN), strictly in compliance with our Agreement on the Storage and Usage of Credentials on File. Sensitive authentication data such as CVV/CVC codes are never stored by Overgear and are always processed securely through certified third-party payment providers adhering to GDPR and PCI DSS standards.
- Post-Purchase Information: Additional game-specific details (e.g., server or character names) provided after placing an Order are stored securely to enable efficient delivery of services.
- Identity Verification, Fraud Prevention & KYC: We collect and process Personal Data including full name, date of birth, contact information, biometric data (such as facial images), geolocation data (IP address), government-issued identification documents, and other relevant information required to comply with Know Your Customer (KYC), Anti-Money Laundering (AML), fraud prevention, and AML/CFT regulations. Data is securely processed and transferred through GDPR-compliant third-party providers such as Sumsub and Sift.
- Online Forms and Data Collection (Jotform): We may collect and process Personal Data via online forms powered by Jotform for purposes such as identity verification, Seller recruitment, service delivery, processing requests for exercising data subject rights (including GDPR Right to Erasure requests), and compliance with legal obligations. Collected data typically includes name, surname, usernames, email addresses, phone numbers, messenger contacts, birthdates, identity document copies (e.g., passports), and other necessary data. Jotform securely processes and stores data under GDPR-compliant standards, with international data transfers protected by Standard Contractual Clauses (SCCs).
- Marketing & Analytics: With your explicit consent, we collect and transfer Personal Data to marketing and analytics partners for Website usage analysis and advertising campaign management. Data collected and transferred includes IP addresses, cookies, device and browser identifiers, behavioral metrics, and other interactions with our Website and advertisements. Such data processing is performed by third-party providers including Maestra, Mixpanel, Hotjar, Google Analytics, Facebook Ads, Bing Ads, Google Ads, Red Tracker, and other services as detailed in Section 2.4 of this Privacy Policy.
- Technical Infrastructure & Security: To ensure the stability, security, and performance of our technical infrastructure, we collect technical data including IP addresses, device and browser metadata, technical logs, and session details. This data is processed by trusted third-party providers (e.g., Datadog) implementing stringent security measures and international safeguards, such as Standard Contractual Clauses (SCCs), to guarantee data protection.
- Booster-specific Data Collection and Processing: To register, verify identity, manage payouts, and deliver Booster (Seller) services, Overgear collects and processes Personal Data including full name, residential address, date of birth, contact information (email, WhatsApp, Telegram, Skype, Discord), copies of identification documents (such as passports), and payment processing details (name, phone number, payment card details). Payment card details are securely processed exclusively through certified payment service providers and stored in compliance with the applicable data protection and PCI DSS standards. Overgear processes this data strictly to fulfill contractual obligations, facilitate secure transactions, perform identity verification, and ensure compliance with relevant regulatory requirements.
- Promotional codes and registration details;
- Engagement metrics and user interactions specific to events or campaigns.
Data processing for promotional and marketing purposes is conducted exclusively with your explicit consent. You have the right to withdraw this consent or opt out at any time by contacting our Customer Service at support@overgear.com.
Controller Information:
All Personal Data of users is legally stored and managed in compliance with data processing legislation, including GDPR and the Law on Personal Data Protection.
OVERGEAR LIMITED is the controller for storage and processing of Personal Data, registered to an address Diagorou 4, Kermia Building, 3rd floor, office 304, 1097, Nicosia, Cyprus.
4. Storage and processing of Personal Data
Your Personal Data is securely stored on Overgear servers, located simultaneously at 2 (two) separate data centers:
- Moscow Data Center (Russian Federation) – operated by Selectel.
- Frankfurt Data Center (Germany) – operated by Hetzner.
We implement robust technical and organizational measures—including encryption, firewalls, and strict access controls—to protect your data from unauthorized access, disclosure, alteration, or destruction. In the event of a data security breach, Overgear will follow the procedures outlined in the "Data Breach Notification" section of this Privacy Policy.
In addition to servers located in Moscow (Russian Federation) and Frankfurt (Germany), Personal Data may also be processed, stored, and transferred internationally, including to jurisdictions such as the United States and Ireland, depending on our trusted third-party providers as described in Section 2.4 of this Privacy Policy. All international data transfers are protected using GDPR-compliant safeguards, including Standard Contractual Clauses (SCCs), to ensure adequate data protection.
5. International Data Transfers
Your Personal Data may be transferred and processed outside your country of residence, potentially in countries with different data protection standards. Overgear ensures that all international data transfers comply with GDPR, utilizing approved safeguards such as Standard Contractual Clauses (SCC) to guarantee adequate protection.
6. Publicly Available Data
To encourage interaction between Users, the following data may be publicly displayed on our Website:
- Your nickname;
- Personal Profile rating;
- Reviews left by other Users;
- Total number of transactions and success rate.
- Any other data you provide in your personal Profile or share with a Seller during a Deal will remain private and is not subject to public display under this Privacy Policy.
- You are solely responsible for the Personal Data you choose to publish. Please be mindful that sharing sensitive contact details (such as phone numbers or email addresses) in public areas may lead to your Account being blocked, in accordance with our User Agreement.
- We take steps to secure the privacy of all correspondence between Buyers and Sellers conducted via our Website. However, you should always exercise caution when sharing personal information.
Overgear employs comprehensive security practices to protect your Personal Data in compliance with GDPR and applicable data protection laws. Our security framework includes:
- Secure Data Storage: Data is stored securely and processed automatically on protected servers.
- Restricted Data Access: Only authorized Overgear personnel can access your data strictly to provide and enhance services.
- Technical Safeguards: Utilization of encryption, firewalls, and ongoing risk assessments.
- Staff Training: Mandatory information security training for all employees.
- Payment Security: Transactions occur exclusively via secure gateways operated by certified payment providers. Overgear does not store sensitive payment information.
8. Users’ rights regarding their Personal Data and the Website
In compliance with GDPR, you have the following rights regarding your Personal Data:
8.1. Right to Access:
You may request information about what Personal Data we store and how we use it.
8.2. Right to Rectification:
You may ask us to correct, update, or delete your Personal Data if inaccurate, incomplete, or outdated.
8.3. Right to Restriction of Processing:
You may request that we restrict data processing, such as unsubscribing from marketing communications.
8.4. Right to Erasure (“Right to be Forgotten”):
You may request complete deletion of your Personal Data. Note that transaction history or data necessary for legal compliance may be retained.
8.4.1. To exercise your right to erasure under Article 17 of the GDPR, please complete our Erasure Request Form. The form requires you to provide your full name, contact details, and the necessary identification documents (e.g., a copy of your passport, driver’s license, or national ID) to verify your identity. Once we receive your complete request along with all required documentation, we will review your submission and respond within 1 (one) month. Please note that if the provided documentation is incomplete, your request may be delayed until sufficient evidence is submitted.
8.5. Right to Data Portability: You may request a structured, machine-readable copy of your data for transfer to another service provider.
8.6. Right to Object: You may object to data processing for purposes including direct marketing, research, or analytics.
8.7. Right Against Automated Decision-Making: You have the right to oppose decisions based solely on automated processing, including profiling.
8.8. Right to Lodge a Complaint: If you believe your GDPR rights have been violated, you may file a complaint with the relevant supervisory authority.
8.9. Right to Managing Consent: You have the right to manage or withdraw your consent for processing activities at any time. You can do so by contacting Customer Support at support@overgear.com.
To exercise these rights, contact us at support@overgear.com or use our dedicated online form. Overgear responds to all valid GDPR-related requests within 30 (thirty) days, unless legally permitted extensions apply.
8.10. Overgear reserves the right to refuse any request for data erasure or access that is manifestly unfounded or excessive, in accordance with Article 12(5) of the GDPR. In such cases, we may charge a reasonable fee for processing the request. This measure is implemented to ensure that processing such requests does not impose an undue burden on our systems and to protect the rights and freedoms of other Users.
8.11. California Residents: Overgear does not sell Personal Data to third parties as defined under the California Consumer Privacy Act (CCPA). Under the California Consumer Privacy Act (CCPA), you have rights regarding your Personal Information, including disclosure, deletion, and opting out of the sale of Personal Data. To exercise these rights, please contact us at support@overgear.com.
8.12. If you have concerns or complaints regarding Overgear’s compliance with personal data protection laws, you have the right to contact the relevant supervisory authority:
Office of the Commissioner for Personal Data Protection (Cyprus)
Website: http://www.dataprotection.gov.cy
Email: commissioner@dataprotection.gov.cy
Phone: +357 22 818456
9. Disclaimer Regarding External Content and Links
Users of Overgear may post content and links to external resources in accordance with our User Agreement. To safeguard Personal Data, our Customer Service team monitors compliance with these provisions and removes any user-posted content (or User-Generated Content) or links that pose a security risk to other Users. Please note that while we review such submissions for potential threats, we do not re-moderate posted products, auctions, or online chats once they have been approved.
By posting or interacting with external content, you acknowledge that Overgear is not affiliated with these external resources and does not endorse their content or practices. Consequently, Overgear expressly disclaims any direct or indirect liability for any damages, data loss, or account data theft that may result from following external links or engaging with content on third-party sites. Users are strongly advised to exercise caution and review the privacy and security policies of any external sites they visit, as Overgear does not control or guarantee the practices or content of such sites.
10. Data Breach Notification
In the event of a data breach or unauthorized access to Personal Data, Overgear will promptly notify affected Users and the relevant regulatory authorities in accordance with applicable law. We will take immediate steps to investigate the incident, mitigate its effects, and prevent future breaches. Detailed information and recommendations will be provided to affected Users as soon as possible.
11. Account Security and Protection
To safeguard your Account, we recommend that you:
- Use strong, unique passwords and change them regularly.
- Enable two-factor authentication, if available.
- Keep your login credentials confidential.
- Immediately notify Customer Support if you suspect any unauthorized activity.
12. Advertising and Marketing Communications
With your explicit consent, Overgear may use your Personal Data to deliver targeted advertising and promotional communications. You have the right to opt-out of receiving such communications at any time by using the unsubscribe link in our emails or by contacting our Customer Support. Please note that opting out will not affect your receipt of essential service-related notifications.
13. Cookies and Tracking Technologies
Overgear uses cookies, web beacons, and similar tracking technologies to improve service quality, analyze user behavior, and deliver personalized content and advertising.
Cookies are small text files placed on your device that enable us to provide a seamless login experience, save your settings, and enhance your overall experience on the site. You have the option to manage or disable cookies through your browser settings; however, please note that doing so may affect the functionality of certain site features.
For more detailed information, please refer to our Cookie Policy.
14. Data Retention and Deletion
Your data is retained only for as long as necessary for business or legal purposes. Upon expiration of retention periods, data is securely deleted or anonymized.
Overgear retains your Personal Data for the following periods:
- Account-related information: While your Account remains active, plus up to 12 (twelve) months after deactivation.
- Transactional data: For a minimum period required by applicable laws, generally up to 5 (five) years.
- Chat and communication data: Up to 3 (three) years after your last interaction.
Overgear reserves the right to modify or update this Privacy Policy at any time to reflect changes in our Services, practices, or legal requirements. In the event that no specific effective date is provided, any material changes will automatically become effective 30 (thirty) days after being posted on this page. We will communicate any material changes to you via email, prominent notices on our Website, and through our Online Chat. Your continued use of our Services after the effective date constitutes your acceptance of the revised terms. We remain committed to respecting our Users’ rights and ensuring transparency in how your Personal Data is managed.
16. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Customer Support at:
- Email: legal@overgear.com
- Postal Address: Diagorou 4, Kermia Building, 3rd Floor, Office 304, 1097 Nicosia, Cyprus
- Office of the Commissioner for Personal Data Protection (Cyprus)
- Website: http://www.dataprotection.gov.cy
- Email: commissioner@dataprotection.gov.cy
- Phone: +357 22 818 456"