3. Cases in which Overgear collects and process Personal DataWe collect your Personal Data in specific cases during your interaction with our Website and Services, including:
- Website Visits: We automatically collect your IP address to prevent fraud, enhance security, and ensure proper Website functionality. This data is retained for up to 9 (nine) months as required by payment providers.
- Account Creation and Updates: When registering or updating your Overgear Account, we collect your email address, username, and social network profile (if registered via social login).
- Chat Communications: Your messages exchanged in Online Chat are stored to facilitate the provision of Seller Services, maintain quality, and ensure compliance with platform rules.
- Order Placement: Generally, no additional personal data beyond Account registration is required for placing an Order. However, certain payment methods require further information such as:
- QIWI: phone number.
- VISA/MasterCard (emerchantpay gateway): Full name, address, country, city, phone number, postcode.
- Overgear may securely store limited payment details necessary for transaction processing, such as name, surname, card number, expiry date, and Primary Account Number (PAN), strictly in compliance with our Agreement on the Storage and Usage of Credentials on File. Sensitive authentication data such as CVV/CVC codes are never stored by Overgear and are always processed securely through certified third-party payment providers adhering to GDPR and PCI DSS standards.
- Post-Purchase Information: Additional game-specific details (e.g., server or character names) provided after placing an Order are stored securely to enable efficient delivery of services.
- Identity Verification, Fraud Prevention & KYC: We collect and process Personal Data including full name, date of birth, contact information, biometric data (such as facial images), geolocation data (IP address), government-issued identification documents, and other relevant information required to comply with Know Your Customer (KYC), Anti-Money Laundering (AML), fraud prevention, and AML/CFT regulations. Data is securely processed and transferred through GDPR-compliant third-party providers such as Sumsub and Sift.
- Online Forms and Data Collection (Jotform): We may collect and process Personal Data via online forms powered by Jotform for purposes such as identity verification, Seller recruitment, service delivery, processing requests for exercising data subject rights (including GDPR Right to Erasure requests), and compliance with legal obligations. Collected data typically includes name, surname, usernames, email addresses, phone numbers, messenger contacts, birthdates, identity document copies (e.g., passports), and other necessary data. Jotform securely processes and stores data under GDPR-compliant standards, with international data transfers protected by Standard Contractual Clauses (SCCs).
- Marketing & Analytics: With your explicit consent, we collect and transfer Personal Data to marketing and analytics partners for Website usage analysis and advertising campaign management. Data collected and transferred includes IP addresses, cookies, device and browser identifiers, behavioral metrics, and other interactions with our Website and advertisements. Such data processing is performed by third-party providers including Maestra, Mixpanel, Hotjar, Google Analytics, Facebook Ads, Bing Ads, Google Ads, Red Tracker, and other services as detailed in Section 2.4 of this Privacy Policy.
- Technical Infrastructure & Security: To ensure the stability, security, and performance of our technical infrastructure, we collect technical data including IP addresses, device and browser metadata, technical logs, and session details. This data is processed by trusted third-party providers (e.g., Datadog) implementing stringent security measures and international safeguards, such as Standard Contractual Clauses (SCCs), to guarantee data protection.
- Booster-specific Data Collection and Processing: To register, verify identity, manage payouts, and deliver Booster (Seller) services, Overgear collects and processes Personal Data including full name, residential address, date of birth, contact information (email, WhatsApp, Telegram, Skype, Discord), copies of identification documents (such as passports), and payment processing details (name, phone number, payment card details). Payment card details are securely processed exclusively through certified payment service providers and stored in compliance with the applicable data protection and PCI DSS standards. Overgear processes this data strictly to fulfill contractual obligations, facilitate secure transactions, perform identity verification, and ensure compliance with relevant regulatory requirements.
During promotional activities—such as Special Campaigns (in accordance with the Overgear Bonus Policy), marketing events, and similar initiatives—we may collect additional User data specifically to manage and track event participation. Such data may include:
- Promotional codes and registration details;
- Engagement metrics and user interactions specific to events or campaigns.
This Personal Data is securely transmitted to trusted third-party analytics and marketing platforms (such as Maestra and Mixpanel) solely for processing and analytical purposes. Such transfers are performed in strict compliance with applicable data protection laws, including GDPR, and subject to the same rigorous safeguards as applied to our standard data processing operations.
Data processing for promotional and marketing purposes is conducted exclusively with your explicit consent. You have the right to withdraw this consent or opt out at any time by contacting our Customer Service at support@overgear.com.
Controller Information:
All Personal Data of users is legally stored and managed in compliance with data processing legislation, including GDPR and the Law on Personal Data Protection.
OVERGEAR LIMITED is the controller for storage and processing of Personal Data, registered to an address Diagorou 4, Kermia Building, 3rd floor, office 304, 1097, Nicosia, Cyprus.
4. Storage and processing of Personal DataYour Personal Data is securely stored on Overgear servers, located simultaneously at 2 (two) separate data centers:
- Moscow Data Center (Russian Federation) – operated by Selectel.
- Frankfurt Data Center (Germany) – operated by Hetzner.
For detailed information regarding third-party providers and categories of data sharing, please refer to Section 2.4 ("Data Sharing with Third Parties") of this Privacy Policy.
We implement robust technical and organizational measures—including encryption, firewalls, and strict access controls—to protect your data from unauthorized access, disclosure, alteration, or destruction. In the event of a data security breach, Overgear will follow the procedures outlined in the "Data Breach Notification" section of this Privacy Policy.
In addition to servers located in Moscow (Russian Federation) and Frankfurt (Germany), Personal Data may also be processed, stored, and transferred internationally, including to jurisdictions such as the United States and Ireland, depending on our trusted third-party providers as described in Section 2.4 of this Privacy Policy. All international data transfers are protected using GDPR-compliant safeguards, including Standard Contractual Clauses (SCCs), to ensure adequate data protection.
5. International Data TransfersYour Personal Data may be transferred and processed outside your country of residence, potentially in countries with different data protection standards. Overgear ensures that all international data transfers comply with GDPR, utilizing approved safeguards such as Standard Contractual Clauses (SCC) to guarantee adequate protection.
6. Publicly Available DataTo encourage interaction between Users, the following data may be publicly displayed on our Website:
- Your nickname;
- Personal Profile rating;
- Reviews left by other Users;
- Total number of transactions and success rate.
Additional Points:
- Any other data you provide in your personal Profile or share with a Seller during a Deal will remain private and is not subject to public display under this Privacy Policy.
- You are solely responsible for the Personal Data you choose to publish. Please be mindful that sharing sensitive contact details (such as phone numbers or email addresses) in public areas may lead to your Account being blocked, in accordance with our User Agreement.
- We take steps to secure the privacy of all correspondence between Buyers and Sellers conducted via our Website. However, you should always exercise caution when sharing personal information.
7. Data Protection and Security MeasuresOvergear employs comprehensive security practices to protect your Personal Data in compliance with GDPR and applicable data protection laws. Our security framework includes:
- Secure Data Storage: Data is stored securely and processed automatically on protected servers.
- Restricted Data Access: Only authorized Overgear personnel can access your data strictly to provide and enhance services.
- Technical Safeguards: Utilization of encryption, firewalls, and ongoing risk assessments.
- Staff Training: Mandatory information security training for all employees.
- Payment Security: Transactions occur exclusively via secure gateways operated by certified payment providers. Overgear does not store sensitive payment information.
Disclaimer: In the unlikely event that our security system is compromised and Personal Data is stolen, Overgear will take all necessary measures to address the breach. However, please note that we do not bear material liability for such incidents, as payments and sensitive transactions are handled by secure third-party providers.
8. Users’ rights regarding their Personal Data and the WebsiteIn compliance with GDPR, you have the following rights regarding your Personal Data:
8.1. Right to Access:
You may request information about what Personal Data we store and how we use it.
8.2. Right to Rectification:
You may ask us to correct, update, or delete your Personal Data if inaccurate, incomplete, or outdated.
8.3. Right to Restriction of Processing:
You may request that we restrict data processing, such as unsubscribing from marketing communications.
8.4. Right to Erasure (“Right to be Forgotten”):
You may request complete deletion of your Personal Data. Note that transaction history or data necessary for legal compliance may be retained.
8.4.1. To exercise your right to erasure under Article 17 of the GDPR, please complete our
Erasure Request Form. The form requires you to provide your full name, contact details, and the necessary identification documents (e.g., a copy of your passport, driver’s license, or national ID) to verify your identity. Once we receive your complete request along with all required documentation, we will review your submission and respond within 1 (one) month. Please note that if the provided documentation is incomplete, your request may be delayed until sufficient evidence is submitted.
8.5. Right to Data Portability: You may request a structured, machine-readable copy of your data for transfer to another service provider.
8.6. Right to Object: You may object to data processing for purposes including direct marketing, research, or analytics.
8.7. Right Against Automated Decision-Making: You have the right to oppose decisions based solely on automated processing, including profiling.
8.8. Right to Lodge a Complaint: If you believe your GDPR rights have been violated, you may file a complaint with the relevant supervisory authority.
8.9. Right to Managing Consent: You have the right to manage or withdraw your consent for processing activities at any time. You can do so by contacting Customer Support at
support@overgear.com.
To exercise these rights, contact us at support@overgear.com or use our dedicated online form. Overgear responds to all valid GDPR-related requests within 30 (thirty) days, unless legally permitted extensions apply.
8.10. Overgear reserves the right to refuse any request for data erasure or access that is manifestly unfounded or excessive, in accordance with Article 12(5) of the GDPR. In such cases, we may charge a reasonable fee for processing the request. This measure is implemented to ensure that processing such requests does not impose an undue burden on our systems and to protect the rights and freedoms of other Users.
8.11. California Residents: Overgear does not sell Personal Data to third parties as defined under the California Consumer Privacy Act (CCPA). Under the California Consumer Privacy Act (CCPA), you have rights regarding your Personal Information, including disclosure, deletion, and opting out of the sale of Personal Data. To exercise these rights, please contact us at
support@overgear.com.
8.12. If you have concerns or complaints regarding Overgear’s compliance with personal data protection laws, you have the right to contact the relevant supervisory authority:
Office of the Commissioner for Personal Data Protection (Cyprus)
Website:
http://www.dataprotection.gov.cyEmail: commissioner@dataprotection.gov.cy
Phone: +357 22 818456
9. Disclaimer Regarding External Content and LinksUsers of Overgear may post content and links to external resources in accordance with our User Agreement. To safeguard Personal Data, our Customer Service team monitors compliance with these provisions and removes any user-posted content (or User-Generated Content) or links that pose a security risk to other Users. Please note that while we review such submissions for potential threats, we do not re-moderate posted products, auctions, or online chats once they have been approved.
By posting or interacting with external content, you acknowledge that Overgear is not affiliated with these external resources and does not endorse their content or practices. Consequently, Overgear expressly disclaims any direct or indirect liability for any damages, data loss, or account data theft that may result from following external links or engaging with content on third-party sites. Users are strongly advised to exercise caution and review the privacy and security policies of any external sites they visit, as Overgear does not control or guarantee the practices or content of such sites.
10. Data Breach NotificationIn the event of a data breach or unauthorized access to Personal Data, Overgear will promptly notify affected Users and the relevant regulatory authorities in accordance with applicable law. We will take immediate steps to investigate the incident, mitigate its effects, and prevent future breaches. Detailed information and recommendations will be provided to affected Users as soon as possible.
11. Account Security and ProtectionTo safeguard your Account, we recommend that you:
- Use strong, unique passwords and change them regularly.
- Enable two-factor authentication, if available.
- Keep your login credentials confidential.
- Immediately notify Customer Support if you suspect any unauthorized activity.
While Overgear employs robust security measures, you are also responsible for maintaining the security of your Account.
12. Advertising and Marketing CommunicationsWith your explicit consent, Overgear may use your Personal Data to deliver targeted advertising and promotional communications. You have the right to opt-out of receiving such communications at any time by using the unsubscribe link in our emails or by contacting our Customer Support. Please note that opting out will not affect your receipt of essential service-related notifications.
13. Cookies and Tracking TechnologiesOvergear uses cookies, web beacons, and similar tracking technologies to improve service quality, analyze user behavior, and deliver personalized content and advertising.
Cookies are small text files placed on your device that enable us to provide a seamless login experience, save your settings, and enhance your overall experience on the site. You have the option to manage or disable cookies through your browser settings; however, please note that doing so may affect the functionality of certain site features.
For more detailed information, please refer to our
Cookie Policy.
14. Data Retention and Deletion Your data is retained only for as long as necessary for business or legal purposes. Upon expiration of retention periods, data is securely deleted or anonymized.
Overgear retains your Personal Data for the following periods:
- Account-related information: While your Account remains active, plus up to 12 (twelve) months after deactivation.
- Transactional data: For a minimum period required by applicable laws, generally up to 5 (five) years.
- Chat and communication data: Up to 3 (three) years after your last interaction.
15. Privacy Policy ChangesOvergear reserves the right to modify or update this Privacy Policy at any time to reflect changes in our Services, practices, or legal requirements. In the event that no specific effective date is provided, any material changes will automatically become effective 30 (thirty) days after being posted on this page. We will communicate any material changes to you via email, prominent notices on our Website, and through our Online Chat. Your continued use of our Services after the effective date constitutes your acceptance of the revised terms. We remain committed to respecting our Users’ rights and ensuring transparency in how your Personal Data is managed.
16. Contact InformationIf you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Customer Support at:
- Email: legal@overgear.com
- Postal Address: Diagorou 4, Kermia Building, 3rd Floor, Office 304, 1097 Nicosia, Cyprus
If your concerns about personal data protection compliance are not addressed satisfactorily, you have the right to lodge a complaint with your local supervisory authority:- Office of the Commissioner for Personal Data Protection (Cyprus)
- Website: http://www.dataprotection.gov.cy
- Email: commissioner@dataprotection.gov.cy
- Phone: +357 22 818 456"
By using Overgear’s Website and Services, you acknowledge that you have read, understood, and agree to the collection and use of your Personal Data as described in this Privacy Policy.