GDPR & KVKK | GameHost

1. Overview

GameHost is committed to protecting your personal data and respecting your privacy rights. This page explains our compliance with:

GDPR

The EU General Data Protection Regulation (Regulation 2016/679) — applicable to all individuals in the European Economic Area (EEA) and UK.

KVKK

The Turkish Personal Data Protection Law (Law No. 6698, "Kişisel Verilerin Korunması Kanunu") — applicable to individuals resident in Turkey.

For full details of what data we collect and how we use it, please read our Privacy Policy.

2. Legal Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. We rely on the following:

Contract Performance

Processing your name, email, billing address, and payment information to set up and deliver your hosting service, send invoices, and provision your game server.

Legitimate Interests

Processing Log Data and analytics data to prevent fraud, ensure network security, investigate abuse reports, and improve our service. We balance this against your privacy interests.

Legal Obligation

Retaining billing records for the legally required period (7 years) to comply with tax and financial regulations.

Consent

Setting optional analytics cookies (where we ask for your consent via the cookie banner) and sending marketing communications (which you can opt into and withdraw at any time).

3. Your Rights Under GDPR

If you are located in the EU/EEA or UK, you have the following rights:

Right of Access (Art. 15)

Obtain a copy of all personal data we hold about you, plus information on how it is processed.

Right to Erasure (Art. 17)

Request deletion of your personal data where it is no longer necessary, you withdraw consent, or you object to processing.

Right to Rectification (Art. 16)

Correct inaccurate personal data or complete incomplete data.

Right to Portability (Art. 20)

Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.

Right to Restriction (Art. 18)

Request that we suspend processing of your data in certain circumstances, e.g. while accuracy is contested.

Right to Object (Art. 21)

Object to processing based on legitimate interests, including profiling. We must stop unless we can show compelling legitimate grounds.

Rights re: Automated Decisions (Art. 22)

Not be subject to solely automated decisions that produce legal or significant effects. We do not engage in automated individual decision-making.

Right to Withdraw Consent

Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing.

4. Your Rights Under KVKK

If you are located in Turkey, under KVKK Article 11 you have the right to:

Learn whether your personal data has been processed
Request information about the purpose of processing and whether data is used in accordance with that purpose
Know the third parties to whom your data has been transferred, domestically or abroad
Request rectification of incomplete or inaccurate data
Request deletion or destruction of data where the reasons for processing no longer exist
Request notification of rectification/deletion to third parties to whom data was disclosed
Object to processing that results in adverse consequences through automated systems
Claim compensation for damages caused by unlawful processing

KVKK requests can be submitted in Turkish or English via email to [email protected]. We will respond within 30 days (or within the legally required period under KVKK).

5. International Data Transfers

Our infrastructure spans multiple regions (EU, UK, US, Singapore). When we transfer your data outside the EEA, we rely on one or more of the following safeguards:

Adequacy decisions: Transfers to countries the European Commission has deemed adequate.
Standard Contractual Clauses (SCCs): EU-approved contract terms with all processors outside the EEA.
Stripe: Processes payments under SCCs and is certified under applicable frameworks.

6. Data Protection Officer

GameHost has appointed a Data Protection contact responsible for overseeing compliance with data protection law. You may contact our DPO directly at [email protected] with the subject line "DPO Request."

7. How to Exercise Your Rights

To submit a data subject request (access, erasure, portability, etc.):

Email [email protected] with the subject line matching your request type (e.g. "Data Access Request", "Erasure Request").
Include the email address associated with your GameHost account so we can verify your identity.
We will acknowledge your request within 5 business days and respond fully within 30 days (extendable to 3 months for complex requests, with notice).
We do not charge a fee for reasonable requests. Manifestly unfounded or excessive requests may incur a reasonable administrative fee.

8. Supervisory Authorities

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the relevant supervisory authority:

EU / EEA residentsYour national data protection authority. A full list is available at: edpb.europa.eu/about-edpb/about-edpb/members_en

UK residentsInformation Commissioner's Office (ICO) — ico.org.uk

Turkey residentsPersonal Data Protection Authority (KVKK Kurumu) — kvkk.gov.tr

We always encourage you to contact us first at [email protected] — most concerns can be resolved quickly without a formal complaint.

GDPR & KVKK Compliance