
GDPR Compliance
Last updated: May 15, 2025
1. Introduction
This GDPR Compliance document explains how RetroArcadeClubs.com ("we", "our", or "us") complies with the General Data Protection Regulation (GDPR), which is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area.
This document supplements our Privacy Policy and provides additional information for individuals located in the European Economic Area (EEA) about their rights under the GDPR.
2. Data Controller
RetroArcade Media Ltd is the data controller responsible for your personal data. Our contact details are:
- RetroArcade Media Ltd
- 42 Pixel Lane
- Manchester, M4 5BG
- United Kingdom
- Email: [email protected]
3. Legal Basis for Processing
Under the GDPR, we must have a legal basis for processing your personal data. We rely on the following legal bases for processing your personal data:
Consent
We process certain personal data based on your consent, such as when you:
- Sign up for our newsletter
- Agree to receive marketing communications
- Accept non-essential cookies on our website
You have the right to withdraw your consent at any time.
Contractual Necessity
We process certain personal data because it is necessary for the performance of a contract with you or to take steps at your request before entering into a contract, such as when you:
- Create an account on our website
- Purchase products or services from us
- Enter into a contest or promotion
Legitimate Interests
We process certain personal data based on our legitimate interests, such as:
- Improving our website and services
- Ensuring the security of our website and systems
- Analyzing how users interact with our website
- Preventing fraud and abuse
When we rely on legitimate interests, we conduct a balancing test to ensure that our interests do not override your fundamental rights and freedoms.
Legal Obligation
We process certain personal data because it is necessary for compliance with a legal obligation to which we are subject, such as:
- Tax and accounting requirements
- Responding to legal requests from authorities
4. Your GDPR Rights
Under the GDPR, you have the following rights regarding your personal data:
Right to Access
You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.
Right to Rectification
You have the right to request that we correct any incomplete or inaccurate personal data we hold about you.
Right to Erasure (Right to be Forgotten)
You have the right to request that we delete or remove personal data where there is no good reason for us to continue processing it. Please note that we may not always be able to comply with your request for erasure for specific legal reasons, which will be notified to you, if applicable, at the time of your request.
Right to Restrict Processing
You have the right to request that we suspend the processing of your personal data in certain scenarios, such as if you want us to establish the accuracy of the data or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to Data Portability
You have the right to request that we transfer your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
Right to Object
You have the right to object to the processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
You also have the right to object where we are processing your personal data for direct marketing purposes.
Rights Related to Automated Decision Making and Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
5. How to Exercise Your Rights
To exercise any of your rights under the GDPR, please contact us using the contact information provided at the end of this document. We will respond to your request within one month.
To help us respond to your request efficiently, please provide us with the following information:
- Your name and contact details
- The specific right you wish to exercise
- Any information that might help us identify your data (e.g., your account email address)
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to exercise any of your rights under the GDPR. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
6. International Data Transfers
We may transfer your personal data to countries outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
7. Data Retention
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider:
- The amount, nature, and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure of your personal data
- The purposes for which we process your personal data and whether we can achieve those purposes through other means
- The applicable legal requirements
In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
8. Data Protection Measures
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data
- Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
- Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
- Process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing
We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, are trained and informed of their rights and responsibilities when processing personal data.
9. Data Breaches
In the case of a personal data breach, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, we will communicate the personal data breach to you without undue delay, describing in clear and plain language the nature of the personal data breach and providing at least:
- The name and contact details of our data protection officer or other contact point where more information can be obtained
- A description of the likely consequences of the personal data breach
- A description of the measures taken or proposed to be taken to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects
10. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR Compliance document and our privacy practices. If you have any questions about this GDPR Compliance document, including any requests to exercise your legal rights, please contact our DPO using the details set out below:
- Data Protection Officer
- RetroArcade Media Ltd
- 42 Pixel Lane
- Manchester, M4 5BG
- United Kingdom
- Email: [email protected]
11. Complaints
You have the right to make a complaint at any time to your local data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.
For individuals in the United Kingdom, the supervisory authority is the Information Commissioner's Office (ICO), which can be contacted at:
- Information Commissioner's Office
- Wycliffe House
- Water Lane
- Wilmslow
- Cheshire
- SK9 5AF
- United Kingdom
- Website: https://ico.org.uk
12. Contact Information
If you have any questions about this GDPR Compliance document or our privacy practices, please contact us:
- By email: [email protected]
- By mail: RetroArcade Media Ltd, 42 Pixel Lane, Manchester, M4 5BG, United Kingdom