Privacy Policy

Effective date: 11th May 2026 Last updated: 11th May 2026

 

1. About this policy

This privacy policy explains how Athlos Game Technologies Ltd (“Athlos”, “we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit athlos.gg (the “Site”), create an Athlos account, or otherwise interact with our products, services, communications, or events (together, the “Services”).

 

We are a “controller” of your personal data under the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018, and — where it applies to you — under the EU General Data Protection Regulation (“EU GDPR”).

 

If you have any questions about this policy or how we handle your personal data, contact us at [email protected].

2. Who we are

Legal name	Athlos Game Technologies Ltd
Company number	14201359 (England & Wales)
Registered office	128 City Road, London, EC1V 2NX, United Kingdom
Website	https://athlos.gg
Privacy contact	[email protected]

 

We have appointed a person with day-to-day responsibility for data protection at Athlos. You can reach them at the privacy contact address above.

3. The personal data we collect

We collect the following categories of personal data. Not all of it applies to every user — what we hold about you depends on how you use the Services.

 

Account and profile data. Name or display name, gamertag/handle, email address, password (stored as a salted hash), date of birth or age confirmation, country, language preference, profile image, and any other details you choose to add to your profile.

 

Authentication and linked accounts. Where you sign in with a third-party account (for example Steam, Discord, Epic Games, Xbox, PlayStation Network, Google, or Apple), we receive a limited set of identifiers and profile fields from that provider in line with the permissions you grant.

 

Gameplay and product-usage data. In-product activity, match and session data, performance statistics, leaderboards, friends and party data, in-product purchases, achievements, settings, and similar telemetry generated when you use the Services.

 

Communications data. Messages you send us through forms, email, support tickets, social media, or community channels, and metadata about those communications (timestamps, sender, recipient).

 

Transactional and payment data. Where you buy something from us, the items purchased, amount, currency, billing country, transaction reference, and a token returned by our payment processor. We do not store full card numbers — those are handled directly by our payment processor.

 

Device, log, and technical data. IP address (which is personal data under UK GDPR), device type and identifiers, operating system, browser type and version, app version, language settings, time-zone setting, referring URLs, pages viewed, time spent, error logs, and performance/diagnostic data.

 

Cookies and similar technologies. See section 6 below.

 

Marketing and preference data. Your contact preferences, opt-ins, opt-outs, and how you have engaged with our marketing communications.

 

Information from third parties. Information we receive from analytics providers, anti-fraud and anti-cheat providers, advertising partners, social platforms, and publicly available sources, in each case where they have a lawful basis to share it with us.

 

We do not deliberately collect special category data (such as health, racial or ethnic origin, religious beliefs, or sexual orientation) and ask that you do not submit it to us through the Services. If you do, you consent to our processing it as part of the relevant interaction.

4. How we use your personal data, and our lawful bases

Under UK GDPR we must rely on a lawful basis for each processing activity. The table below sets out what we do, why, and the basis we rely on.

 

What we do	Why	Lawful basis
Create and operate your account; authenticate you; let you use the Services	To deliver what you have signed up for	Performance of a contract
Link third-party gaming/social accounts at your request	To enable features you have chosen	Performance of a contract; consent for any optional data shared by the third party
Process payments, refunds, and chargebacks	To fulfil purchases and meet financial-record obligations	Performance of a contract; legal obligation
Provide customer support and respond to enquiries	To resolve issues and assist you	Performance of a contract; legitimate interest in user support
Operate matchmaking, leaderboards, social and in-product features	To deliver the gameplay experience	Performance of a contract
Detect, prevent, and investigate cheating, fraud, abuse, and breaches of our terms	To protect users and the integrity of the Services	Legitimate interest; legal obligation
Maintain security, monitor for incidents, and recover from them	To keep the Services secure	Legitimate interest; legal obligation
Operate analytics to understand product usage and improve the Services	To improve and develop the Services	Legitimate interest; consent for any cookies or trackers that require it
Send service messages (account, security, transactional, policy updates)	To keep you informed about your account	Performance of a contract; legal obligation
Send marketing communications about Athlos products	To tell you about things we think you’ll be interested in	Consent (or, where lawful for existing customers, our “soft opt-in” legitimate interest under the Privacy and Electronic Communications Regulations)
Personalise content and recommendations	To make the Services more relevant	Legitimate interest; consent where required
Show or measure advertising about Athlos on other platforms	To reach prospective users	Consent
Run competitions, events, beta programmes, and research	To engage with our community	Performance of a contract (terms of the activity); consent for optional research
Comply with law and respond to lawful requests from authorities	To meet our legal obligations	Legal obligation
Establish, exercise, or defend legal claims	To protect our rights	Legitimate interest; legal obligation
Carry out a corporate transaction (e.g. financing, restructuring, sale)	To facilitate the transaction	Legitimate interest

 

 

Where we rely on legitimate interests, we have carried out a balancing assessment to make sure your rights and freedoms are not overridden. You can object to processing based on legitimate interests at any time — see section 11.

 

Where we rely on consent, you can withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

5. Sources of personal data

We collect personal data:

 

• directly from you, when you register, log in, configure your account, communicate with us, make a purchase, take part in an event or survey, or otherwise interact with the Services;
• automatically, when you use the Services, through cookies, SDKs, and similar technologies; and
• from third parties, including SSO providers, payment processors, analytics and advertising partners, anti-fraud and anti-cheat services, social platforms, and publicly available sources.

6. Cookies and similar technologies

We use cookies and similar technologies (such as pixels, SDKs, and local storage) to operate the Site, to remember your preferences, to measure performance, and — where you consent — for analytics and marketing.

 

Categories we use:

 

• Strictly necessary — required for the Site and account to work (session management, load balancing, security, fraud prevention). These cannot be turned off.
• Functional — remember your choices (such as language, region, and display preferences).
• Analytics — help us understand how the Services are used so we can improve them.
• Marketing and advertising — used by us and our partners to measure campaigns and to show you Athlos content on other sites and apps.

 

Non-essential cookies are only set with your consent, which you can give, refuse, or withdraw through our cookie banner and preference centre. You can also control cookies through your browser settings. Note that blocking certain cookies may affect how the Services work.

 

A detailed and current list of the cookies set on athlos.gg — including name, purpose, provider, type, and duration — is available on our [Cookie Settings] page.

7. Marketing communications

We will only send you marketing about Athlos where you have given us consent, or where we are otherwise permitted to do so under UK law (for example, the “soft opt-in” under regulation 22(3) of the Privacy and Electronic Communications Regulations 2003, where you have bought a similar product from us and did not opt out at the time).

 

Every marketing email contains an unsubscribe link, and you can also opt out at any time by emailing [email protected] or by updating the preferences in your account. Opting out of marketing does not stop us sending operational messages about your account, your purchases, security incidents, or policy changes.

8. Who we share your personal data with

We share personal data with the following categories of recipients. Each acts either as our processor (under our instructions and contract) or as a separate controller where required by law or by their own role.

 

• Hosting and infrastructure providers that operate the platforms our Services run on.
• Authentication and SSO providers (such as Steam, Discord, Epic, Xbox, PlayStation, Google, Apple) where you choose to link an account.
• Payment processors that handle card and other payment transactions for us.
• Customer support and communications tools that help us respond to you.
• Email and messaging providers that deliver transactional and marketing communications.
• Analytics providers that help us understand how the Services are used.
• Advertising and measurement partners that help us reach and measure prospective users (only where you have consented).
• Anti-cheat, anti-fraud, and security providers that protect the Services and our users.
• Professional advisers such as lawyers, accountants, auditors, and insurers.
• Authorities, regulators, and law enforcement, where we are required by law to disclose or where disclosure is necessary to protect our rights or the safety of others.
• A successor or acquirer in connection with a financing, merger, acquisition, restructuring, or sale of all or part of our business.
• Other users and the public, but only to the extent you choose to publish information through public profiles, leaderboards, social features, or community channels.

 

We do not sell your personal data, and we do not share it for cross-context behavioural advertising except where you have given the relevant consent.

 

A current list of our key processors is available on request from [email protected].

9. International transfers

Some of the recipients listed above are based outside the United Kingdom and the European Economic Area, including in the United States and other jurisdictions. Where we transfer personal data outside the UK or EEA, we rely on one or more of the following safeguards permitted under UK GDPR and EU GDPR:

 

• the destination country is the subject of UK or European Commission adequacy regulations;
• we put in place Standard Contractual Clauses (the EU SCCs and the UK International Data Transfer Addendum, or the UK International Data Transfer Agreement) with the recipient, together with any supplementary measures required after a transfer risk assessment;
• the transfer is necessary for the performance of a contract with you, or for pre-contractual steps you have requested;
• you have given explicit consent to the specific transfer after being informed of the risks.

 

You can ask us for more information about the safeguards in place for a specific transfer by emailing [email protected].

10. How long we keep your personal data

We keep personal data only for as long as we need it for the purposes set out in this policy or as required by law. The main retention rules we apply are:

 

Category	Retention
Active account data	For the life of the account, plus up to 24 months after closure to allow for re-activation, dispute resolution, and compliance
Gameplay and telemetry data	For as long as needed to operate the Services; aggregated/de-identified data may be kept longer
Transaction and payment records	At least 6 years from the end of the relevant tax year (UK statutory requirement under the Companies Act 2006 and HMRC rules)
Customer support communications	Up to 24 months after the last interaction
Marketing consent and preference records	Until consent is withdrawn, plus up to 24 months for audit purposes
Server, security, and audit logs	Up to 12 months, longer for incident-related logs
Anti-cheat and ban records	For as long as needed to enforce our terms and protect the integrity of the Services
Cookie data	As set out in the cookie information on the Site

 

When we no longer need personal data, we delete it or anonymise it so that it can no longer be linked back to you.

11. Your rights

Subject to certain conditions and exceptions in UK GDPR (and EU GDPR where it applies to you), you have the right to:

 

• be informed about how we process your personal data — which is the purpose of this policy;
• access the personal data we hold about you and receive a copy;
• request the correction of inaccurate or incomplete personal data;
• request the deletion of personal data (“right to be forgotten”), where we no longer have a lawful basis to keep it;
• request the restriction of processing while we investigate a concern;
• object to processing based on legitimate interests, and object at any time to direct marketing;
• request data portability for personal data you have provided to us where we process it on the basis of consent or contract by automated means;
• not be subject to a decision based solely on automated processing that produces a legal or similarly significant effect on you; and
• withdraw consent at any time where we rely on consent (without affecting the lawfulness of processing before withdrawal).

 

To exercise any of these rights, email [email protected] from the address linked to your account, or use the in-product tools where available. We will respond within one month, which may be extended by up to two further months for complex requests (we will tell you if that is the case).

 

You also have the right to complain to a supervisory authority. In the UK that is the Information Commissioner’s Office (ICO) — https://ico.org.uk, helpline 0303 123 1113. In the EU it is the data protection authority in the Member State of your habitual residence, place of work, or place of the alleged infringement. We would, however, appreciate the chance to address your concerns before you approach the regulator.

12. Security

We use technical and organisational measures appropriate to the risk to protect personal data, including encryption of data in transit (TLS), access controls, separation of environments, monitoring and logging, vendor due diligence, secure software development practices, and staff training. No internet-based service is perfectly secure; we cannot guarantee absolute security, but we work to maintain a level of security appropriate to the risk.

 

If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office within 72 hours of becoming aware of it, where required by UK GDPR. We will also notify affected users without undue delay where the breach is likely to result in a high risk to their rights and freedoms.

13. Children

The Services are intended for users aged 18 and over. We do not knowingly collect personal data from anyone under 18. If we learn that we have collected personal data from a child without appropriate consent, we will delete it as soon as reasonably possible. If you are a parent or guardian and believe your child has provided personal data to us, contact [email protected] and we will take appropriate action.

 

[Alternative wording if the Services are open to under-18s: please replace this section with a version that complies with the ICO Age Appropriate Design Code (Children’s Code), addresses parental responsibility, default privacy settings, age-assurance measures, and — for any users under 13 in the United States — the Children’s Online Privacy Protection Act (COPPA).]

14. Automated decision-making

We do not currently make decisions about you based solely on automated processing that have a legal or similarly significant effect on you. We do use automated systems to help operate the Services (for example, fraud and cheat detection, content moderation, and security monitoring), but a person reviews material outcomes — such as account suspensions or bans — where required. If this changes, we will update this policy and provide the additional information that UK GDPR requires.

15. Third-party links

The Services may contain links to, or embedded content from, third-party websites, apps, and platforms that we do not control. This policy does not apply to those third parties. We encourage you to read their privacy notices before sharing personal data with them.

16. Changes to this policy

We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. The “Last updated” date at the top of this page will reflect the most recent revision. For material changes, we will provide additional notice — for example, by email or a prominent notice on the Site — before the change takes effect.

17. How to contact us

For any questions about this policy or our handling of your personal data:

 

Athlos Game Technologies Ltd 128 City Road London EC1V 2NX United Kingdom

 

Email: [email protected]

 

You also have the right to lodge a complaint with the Information Commissioner’s Office (https://ico.org.uk) or your local EU/EEA supervisory authority.