Privacy Policy

1. Data Controller

The data controller of personal data within the meaning of Regulation (EU) 2016/679 (GDPR) and applicable national laws is Synergy Digital Services Ltd, a company governed by the law of England & Wales, operator of the Elite64 platform.

2. Personal Data Collected

In Phase 1, the personal data collected and processed are strictly limited to those necessary for the operation of the service. They include in particular:

• Identity and account data: username, email address
• Date of birth (for age and eligibility verification)
• Country code (indication of the country)
• Session and authentication data necessary for the secure operation of the account
• Data relating to participation in tournaments and payment history (transactions within the scope of the service)

No active geolocation processing or advanced marketing tracking is deployed in Phase 1.

3. Purposes of Processing

Data are processed exclusively for the following purposes in Phase 1:

• Management of the user account and participation in competitions (tournaments)
• Verification of age and eligibility for the service
• Execution of payment operations and flows related to competitions (payment history)
• Sending communications necessary for the service (account notifications, important information)
• Compliance with applicable legal and regulatory obligations
• User support and handling of disputes in accordance with the published rules

4. Legal Basis for Processing

Each processing activity is based on an appropriate legal basis:

• Performance of the contract: management of the account, participation in tournaments, and payment operations related to the service
• Legal obligation: retention of data to comply with legal or regulatory obligations
• Legitimate interest: security of the service, prevention of abuse, handling of disputes and support
• Consent: where obtained for specific purposes (for example, certain optional communications)

5. Processors and Service Providers

The data controller relies on service providers for hosting, infrastructure and payments. Responsibility for processing personal data remains entirely with the data controller; processors act only on instructions and within the contractual framework defined.

Hosting and infrastructure

Infomaniak is used as the hosting and infrastructure service provider. Infomaniak acts as a processor within the meaning of Article 28 of the GDPR. Data are hosted primarily in data centres located in Europe (Switzerland / European Union). Appropriate technical and organisational measures are implemented to protect the data; the relationship is governed by contractual and operational commitments in line with Article 28, without any assertion of overall certification or compliance.

Payments

Stripe is used as the payment service provider (PSP) for payment transactions related to the service. The data processed by Stripe in this context are handled in accordance with its applicable terms and documentation.

6. Hosting and Data Security

The hosting infrastructure is provided by Infomaniak, a European/Swiss provider acting as a processor within the meaning of Article 28 of the GDPR. Data are hosted primarily in data centres located in Europe (Switzerland / European Union).

Appropriate technical and organisational measures are implemented to protect personal data against unauthorised access, loss, alteration or disclosure. These measures are based on contractual and operational obligations with the processors concerned, without asserting certification or overall compliance beyond this framework.

The data controller retains control over the purposes and means of processing; responsibility for processing is not transferred to processors.

7. Data Retention

Personal data are retained for the period necessary to provide the service, manage the account and comply with applicable legal or regulatory obligations. After the account is closed or the need ceases, data are deleted or anonymised within timeframes compatible with those obligations. No excessive retention is carried out in Phase 1.

8. Users' Rights

In accordance with the GDPR and applicable national laws, you have the following rights:

• Right of access to your personal data
• Right to rectification of inaccurate or incomplete data
• Right to erasure (under the conditions provided for by law)
• Right to data portability (where applicable)
• Right to object to or restrict processing (under the conditions provided for by law)

To exercise these rights, you may contact the data controller at the address indicated in section 12.

You also have the right to lodge a complaint with a supervisory authority competent in data protection matters (for example the CNIL in France, the ICO in the United Kingdom, or the authority of your country of residence).

9. Cookies and Similar Technologies (Phase 1)

In Phase 1, the platform uses cookies and similar technologies that are strictly necessary for the operation of the service: session, authentication, security and essential preferences.

No advanced marketing tracking cookies or unapproved advertising cookies are deployed in Phase 1. You can manage cookies via your browser settings; certain site features may depend on them.

10. International Transfers

Data are hosted primarily in Europe (Switzerland / European Union) through the hosting provider mentioned in sections 5 and 6. At the current stage of the Phase 1 rollout, processing remains located within this area.

The payment provider (Stripe) may, according to its own configuration and documentation, process data in other countries. Where transfers take place outside the European Economic Area, appropriate safeguards (standard contractual clauses, adequacy decisions or equivalent mechanisms) are applied in accordance with applicable law.

11. Changes to This Policy

The data controller reserves the right to amend this privacy policy. Changes will be brought to users' attention by publication on the platform, indicating the date of last revision. Material changes will be the subject of separate information where possible. Continued use of the service after publication constitutes acknowledgement of the changes.