Privacy Policy

Effective Date: September 18, 2020

1. Scope of this Privacy Policy

We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It applies to the PlayerAuctions.com website (“PlayerAuctions” or the “Site”) and all related sites, applications, services and tools where this policy is referenced, regardless of how you access or use them, including mobile devices. It also explains your rights in relation to your personal data and how to contact us in the event you have any questions or comments.
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the applicable laws including the General Data Protection Regulation (GDPR), which applies across the European Union (including in the United Kingdom) and we are responsible as a ‘controller’ of that personal data for the purposes of those laws.

2. Key terms

It would be helpful to start by explaining some key terms used in this policy:
We, us, our PlayerAuctions
Our data protection officer Sarah Styslinger
[email protected]
Personal data Any information relating to an identified or identifiable individual
Special category personal data Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership
Genetic and biometric data
Data concerning health, sex life or sexual orientation

3. Personal data we collect about you

We may collect and use the following personal data about you:
  • your name and contact information, including email address and telephone number
  • information to enable us to check and verify your identity, e.g. your date of birth
  • your gender information, if you choose to give this to us
  • Computer sign-on data, statistics on page views, traffic to and from PlayerAuctions, and cookies information;
  • location data
  • your shipping, billing information, transaction and payment card information
  • your personal or professional interests
  • your professional online presence, e.g. LinkedIn profile
  • your contact history, purchase history and saved items on PlayerAuctions
  • information from accounts you link to PlayerAuctions, e.g. Facebook and other social media platforms
  • information to enable us to undertake credit or other financial checks on you
  • information about how you use the PlayerAuctions website, IT, communication and other systems
  • your responses to surveys, competitions and promotions
  • transactional information based on your activities on PlayerAuctions (such as information to facilitate buying and selling)
  • community discussions, chats, dispute resolution, correspondences through PlayerAuctions, and correspondences sent to us
  • computer sign-on data, statistics on page views, traffic to and from PlayerAuctions, and cookies information
  • other information, including IP address and standard weblog information, and supplemental information from third parties, such as payment account information provided by any payment services that you use to make purchases or receive payments, and your browser ID, cookie ID, device ID, device type, proxy usage, VPN usage, and associated names, locations, email addresses, phone numbers, and social media public profiles provided by our payment fraud and customer due diligence service providers.
This personal data is required to provide our services to you. You can choose not to provide information to us, but in general some information about you is required in order for you to: register as a member; purchase products or services; complete a profile; participate in a survey, contest, or sweepstakes; ask us a question; or initiate other transactions on our site.

4. How your personal data is collected

We collect most of this personal data directly from you via our website. However, we may also collect information:
  • from publicly accessible sources, e.g. demographic data
  • directly from a third party, e.g.:
  • – sanctions screening providers;
    – credit reference agencies;
    – customer due diligence providers;
    – data brokers
  • from a third party with your consent, e.g. your bank
  • from cookies on our website—for more information on our use of cookies, please see our Cookie Policy
  • via our IT systems, e.g. automated monitoring of our websites and other technical systems such as our computer networks and connections.

5. How and why we use your personal data

Under data protection law, we can only use your personal data if we have a proper reason for doing so, eg:
  • to comply with our legal and regulatory obligations;
  • for the performance of our contract with you or to take steps at your request before entering into a contract;
  • for our legitimate interests or those of a third party;or
  • where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
The table below explains what we use (process) your personal data for and our reasons for doing so:
What we use your personal data for Our reasons
To provide our services to you For the performance of our contract with you or to take steps at your request before entering into a contract
To contact you, either via email or telephone, to resolve disputes, collect fees, troubleshoot problems with your account or our sites, services, applications or tools, or for other purposes authorized by law For the performance of our contract with you or to take steps at your request before entering into a contract
For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers and deliver the best service to you
To prevent and detect fraud, security breaches, potentially prohibited or illegal activities, and enforce our user agreement and policies For our legitimate interests or those of a third party, i.e. to minimize fraud that could be damaging for us and for you
Conducting checks to identify our customers and verify their identity
Screening for financial and other sanctions or embargoes
Other processing necessary to comply with legal and regulatory obligations that apply to our business
To comply with our legal and regulatory obligations
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies To comply with our legal and regulatory obligations
Ensuring business policies are adhered to, e.g. policies covering security and internet use For our legitimate interests or those of a third party, i.e. to make sure we are following our own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality control For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price
Ensuring the confidentiality of commercially sensitive information For our legitimate interests or those of a third party, i.e. to protect trade secrets and other commercially valuable information
To comply with our legal and regulatory obligations
Statistical analysis to help us manage our business, e.g. in relation to our financial performance, customer base, product range or other efficiency measures For our legitimate interests or those of a third party, i.e. to be as efficient as we can so we can deliver the best service for you at the best price
Preventing unauthorized access and modifications to our systems For our legitimate interests or those of a third party, i.e. to prevent and detect criminal activity that could be damaging for us and for you
To comply with our legal and regulatory obligations
Updating and enhancing our customer records For the performance of our contract with you or to take steps at your request before entering into a contract
To comply with our legal and regulatory obligations
For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our customers about existing orders and new products and/or services
Ensuring safe working practices, staff administration and assessments To comply with our legal and regulatory obligations
For our legitimate interests or those of a third party, e.g. to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you
Marketing our services and those of selected third parties to:
—existing and former customers;
—third parties who have previously expressed an interest in our services;
—third parties with whom we have had no previous dealings.
For our legitimate interests or those of a third party, i.e. to promote our business to existing and former customers
Credit reference checks via external credit reference agencies For our legitimate interests or those of a third party, i.e. to ensure our customers are likely to be able to pay for our products and services
External audits and quality checks For our legitimate interests or a those of a third party, i.e. to maintain our accreditations so we can demonstrate we operate at the highest standards
To comply with our legal and regulatory obligations
The above table does not apply to special category personal data, which we will only process with your explicit consent.

6. Promotional communications

We may use your personal data to send you updates (by email, text message, telephone or post) about our services, including exclusive offers, promotions or new products and/or services.
We have a legitimate interest in processing your personal data for promotional purposes (see above 'How and why we use your personal data'). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect and never sell OR share it with other organizations outside the PlayerAuctions group for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by:
  • using the 'unsubscribe' link in emails
We may ask you to confirm or update your marketing preferences if you instruct us to provide further products and/or services in the future, or if there are changes in the law, regulation, or the structure of our business.

7. Who we share your personal data with

We routinely share personal data with:
  • Other PlayerAuctions users that you communicate with
  • Group Company members
  • third parties we use to help deliver our services to you, e.g. payment service providers, technical service providers, risk management and customer due diligence service providers
  • other third parties we use to help us run our business, e.g. marketing agencies or website hosts
  • third parties approved by you, e.g. social media sites you choose to link your account to or third- party payment providers
  • credit reference agencies
  • our insurers and brokers
  • our banks
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you. We may also share personal data with external auditors, e.g. in relation to ISO accreditation and the audit of our accounts.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymized but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

8. Where your personal data is held

Information may be held at our offices and those of our group companies, third party agencies, service providers, representatives and agents as described above (see above: 'Who we share your personal data with').
Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below: 'Transferring your personal data out of the EEA'.

9. How long your personal data will be kept

We will keep your personal data while you have an account with us or we are providing services to you. Thereafter, we will keep your personal data for as long as is necessary:
  • to respond to any questions, complaints or claims made by you or on your behalf
  • to show that we treated you fairly
  • to mitigate fraud against us or our active users
  • to keep records required by law
We will not retain your personal data for longer than necessary for the purposes for which it was collected. Different retention periods apply for different types of personal data.
When it is no longer necessary to retain your personal data, we will delete or anonymize it.

10. Transferring your personal data out of the EEA

To deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA), e.g.:
  • with our offices outside the EEA;
  • with your and our service providers located outside the EEA;
  • if you are based outside the EEA;
  • where there is an international dimension to the services we are providing to you.
These transfers are subject to special rules under European and UK data protection law.
These non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however, ensure the transfer complies with data protection law and all personal data will be secure. Our standard practice is to use standard data protection contract clauses that have been approved by the European Commission. To obtain a copy of those clauses or if you would like further information please contact us (see 'How to contact us' below).

11. Your rights

You have the following rights, which you can exercise free of charge:
Access The right to be provided with a copy of your personal data (the right of access)
Rectification The right to require us to correct any mistakes in your personal data
To be forgotten The right to require us to delete your personal data—in certain situations
Restriction of processing The right to require us to restrict processing of your personal data—in certain circumstances, e.g. if you contest the accuracy of the data
Data portability The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object The right to object:
—at any time to your personal data being processed for direct marketing (including profiling);
—in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision making The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
If you would like to exercise any of those rights, please:
  • complete a data subject request form—available on our website at Data Subject Access Request; or
  • email, call or write to us—see below: 'How to contact us'; and
  • let us have enough information to identify you (e.g. your full name, address and customer or matter reference number);
  • let us have proof of your identity and address (a copy of your driving license or passport and a recent utility or credit card bill); and
  • let us know what right you want to exercise and the information to which your request relates.

12. Right to Withdraw Consent

In addition to the above rights, where we are relying on consent as the lawful basis for the processing of your personal data you can withdraw your consent at any time, although this will not affect the lawfulness of any processing based on your consent which occurred prior to the withdrawal.

13. Keeping your personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

14. How to complain

We hope that we can resolve any query or concern you may raise about our use of your information.
If you are located in the European Economic Area, United Kingdom or Switzerland, the General Data Protection Regulation gives you the right to lodge a complaint with a supervisory authority in the country where you work, normally live or where any alleged infringement of data protection laws occurred.

15. Privacy Notice for California Residents

California Consumer Privacy Act of 2018 ("CCPA") is a privacy law that establishes various rights for California residents. This specific Section 15 (Privacy Notice for California Residents) supplements the information contained in this privacy policy and applies solely to individuals who reside in the State of California. This Section 15 is being published to comply with the CCPA and any terms defined in the CCPA have the same meaning when used in this Section 15.
A. Personal information we collect about you
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we may have collected the following categories of personal information about its customers within the last 12 months:
Category Example Collected Source
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. YES Directly from you From your device or your use of our website
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. YES Directly from you From your device or your use of our website
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). YES Directly from you From your device or your use of our website
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. YES Directly from you From your device or your use of our website
E. Biometric information. Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO N/A
F. Internet or other similar network activity. Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. YES From your device or your use of our website
G. Geolocation data. Physical location or movements. YES From your device or your use of our website
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO N/A
I. Professional or employment-related information. Current or past job history or performance evaluations. NO N/A
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO N/A
K. Inferences drawn from other personal information. Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. YES From marketing and advertising service providers.
Please refer to Section 4 for additional information on “Source” and Section 3 of this privacy policy for more information about the information we collect.
B. How we use your personal information
Please refer to Section 5 of this privacy policy for how we use your personal information.
C. Sharing of your personal information
In the last twelve (12) months, we may have shared the following categories of personal information for a business purpose:
Category A Identifiers.
Category B California Customer Records personal information categories.
Category C Protected classification characteristics under California or federal law.
Category D Commercial information.
Category F Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.
Category G Physical location or movements.
Please refer to Section 7 of this privacy policy for categories of third parties to whom we disclose your personal information for a business purpose.
D. Your Rights and Choices
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:
  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business or commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
    – sales, identifying the personal information categories that each category of recipient purchased; and
    – disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Access to Specific Information and Data Portability Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Comply with a legal obligation.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by:
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. We will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
Personal Information Sale and Opt-Out Right
If you are a California resident, you have the right to direct a business not to sell your personal information. We do not sell information that directly identifies you, such as your name and email address. We share certain information and allow third parties to collect certain information about your activity, for example through cookies, as explained in our cookie policy. We do not believe these activities are a sale of personal information under the current regulatory guidance for the CCPA.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
  • Deny you goods or services.
  • Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Provide you a different level or quality of goods or services.
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

16. Changes to this privacy policy

This privacy notice was last updated on September 18, 2020.
We may change this privacy notice from time to time—when we do we will inform you by posting the updated privacy policy on the Site or by email.

17. How to contact us

Please contact us by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.
Our contact details are shown below:
Our contact details
112, Mokdongjungangbuk-ro, Yangcheon-gu, Seoul, 07971 Korea
[email protected]
+82-2-6272-0984