← Back to Home

GDPR Information for UK Users

Last Updated: December 16, 2025

1. Overview

This document provides information about how PoppyHideout complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This applies to all users located in the United Kingdom.

2. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: When you have given clear consent for us to process your personal data for specific purposes
  • Contract: When processing is necessary for the performance of a contract with you
  • Legal Obligation: When processing is necessary for compliance with a legal obligation
  • Legitimate Interests: When processing is necessary for our legitimate interests, provided your rights and freedoms do not override those interests

3. Your Rights Under UK GDPR

3.1 Right to be Informed

You have the right to be informed about the collection and use of your personal data. This Privacy Policy and this GDPR document provide this information.

3.2 Right of Access

You have the right to access your personal data and receive a copy of the personal data we hold about you. You can make a subject access request by contacting us at privacy@poppyhideout.games.

3.3 Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed. You can update your information through your account settings or by contacting us.

3.4 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances, including when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there is no other legal basis
  • The data has been unlawfully processed
  • Erasure is required for compliance with a legal obligation

3.5 Right to Restrict Processing

You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

3.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where technically feasible.

3.7 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds.

3.8 Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects or similarly significantly affect you.

4. Data Controller Information

Data Controller: PoppyHideout

Contact Information:

  • Email: privacy@poppyhideout.games
  • Website: poppyhideout.games

5. Data Processing Activities

5.1 Categories of Personal Data

We process the following categories of personal data:

  • Identity data (name, username)
  • Contact data (email address)
  • Technical data (IP address, browser type, device information)
  • Usage data (how you use our website)
  • Marketing and communications data (preferences)

5.2 Purposes of Processing

We process your personal data for the following purposes:

  • To provide and maintain our services
  • To manage your account and process transactions
  • To communicate with you
  • To improve our services and user experience
  • To ensure security and prevent fraud
  • To comply with legal obligations

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements. When determining retention periods, we consider:

  • The amount, nature, and sensitivity of the data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the data
  • Whether we can achieve those purposes through other means
  • Applicable legal requirements

7. Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments
  • Access controls and authentication
  • Staff training on data protection
  • Incident response procedures

8. International Transfers

If we transfer your personal data outside the UK, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions by the UK government
  • Standard contractual clauses
  • Binding corporate rules
  • Other approved transfer mechanisms

9. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority (the Information Commissioner's Office in the UK) without undue delay, and in any event within 72 hours where feasible.

10. Supervisory Authority

If you are located in the UK and have concerns about our data processing practices, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
Phone: 0303 123 1113

11. Exercising Your Rights

To exercise any of your rights under UK GDPR, please contact us at privacy@poppyhideout.games. We will respond to your request within one month, though this may be extended by two months for complex requests.

We may need to verify your identity before processing your request. We will not charge a fee unless your request is manifestly unfounded or excessive.

12. Updates to This Information

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes.

13. Contact Us

For any questions or concerns regarding your data protection rights or our GDPR compliance, please contact us:

Email: privacy@poppyhideout.games
Website: poppyhideout.games