Data Protection

GDPR Compliance

Last updated: March 1, 2026

1. Our Commitment to GDPR

GoldenDrift Entertainment Ltd. is fully committed to compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the UK Data Protection Act 2018. We respect and protect the privacy rights of all individuals who interact with our website, sparkDriftStudio.games.

This page outlines how we handle personal data in accordance with GDPR requirements, your rights as a data subject, and how you can exercise those rights.

2. Data Controller

The data controller responsible for your personal data is:

GoldenDrift Entertainment Ltd.
18 Victoria Embankment, London, EC4Y 0DZ, United Kingdom
Email: support@sparkDriftStudio.games
Director: Richard A. Pemberton

3. Lawful Basis for Processing

Under GDPR, we process personal data only when we have a lawful basis to do so. The legal bases we rely upon include:

  • Consent (Article 6(1)(a)): When you explicitly agree to cookie usage or submit information through our contact form. You may withdraw consent at any time.
  • Legitimate Interests (Article 6(1)(f)): For website analytics, security measures, and fraud prevention, where our legitimate interests do not override your fundamental rights.
  • Legal Obligation (Article 6(1)(c)): When processing is necessary to comply with legal requirements, such as regulatory obligations or law enforcement requests.

4. Your Rights Under GDPR

As a data subject within the European Economic Area (EEA) or United Kingdom, you have the following rights:

4.1 Right to Be Informed (Articles 13-14)

You have the right to know what personal data we collect, how we use it, and with whom we share it. This GDPR page, along with our Privacy Policy, fulfills this obligation.

4.2 Right of Access (Article 15)

You may request a copy of all personal data we hold about you. We will provide this information free of charge within 30 days of receiving your verified request.

4.3 Right to Rectification (Article 16)

If any personal data we hold about you is inaccurate or incomplete, you have the right to request its correction or completion without undue delay.

4.4 Right to Erasure (Article 17)

Also known as the "right to be forgotten," you may request the deletion of your personal data when:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and no other legal basis exists for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed

4.5 Right to Restrict Processing (Article 18)

You may request that we limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

4.6 Right to Data Portability (Article 20)

Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

4.7 Right to Object (Article 21)

You have the right to object to the processing of your personal data based on legitimate interests. Upon receiving your objection, we will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.

4.8 Rights Related to Automated Decision-Making (Article 22)

We do not currently engage in automated decision-making or profiling that produces legal effects concerning you.

5. Data Processing Activities

We process the following categories of personal data:

  • Contact Information: Name and email address (provided voluntarily via contact form)
  • Technical Data: IP address (anonymized), browser type, operating system, device information
  • Usage Data: Pages visited, session duration, referral sources (collected via analytics)
  • Preference Data: Age verification status, cookie consent status (stored locally on your device)

6. International Data Transfers

Some of our third-party service providers (such as Google for analytics, Maps, and Fonts) may process data outside the EEA. Where this occurs, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Certification mechanisms such as the EU-US Data Privacy Framework

7. Data Protection Measures

We implement robust technical and organizational measures to protect your personal data, including:

  • SSL/TLS encryption for all data transmissions
  • Regular security assessments and vulnerability testing
  • Strict access controls and employee confidentiality agreements
  • Data minimization — we only collect what is strictly necessary
  • Regular review and updating of security protocols

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form submissions: Retained for up to 12 months, then securely deleted
  • Analytics data: Retained in anonymized form for up to 26 months
  • Local storage data: Remains on your device until you clear your browser data

9. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact our Data Protection team:

  • Email: support@sparkDriftStudio.games
  • Subject line: "GDPR Data Request — [Your Right]"
  • Response time: We will respond within 30 calendar days of receiving your verified request

We may need to verify your identity before processing your request. If your request is complex or numerous, we may extend the response period by an additional 60 days, notifying you of the extension and reasons within the initial 30-day period.

10. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority:

  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • EU: Your local Data Protection Authority (DPA) in your country of residence

We encourage you to contact us first so we can attempt to resolve your concern directly.

11. Changes to This Policy

We will review and update this GDPR compliance page as needed to reflect changes in our data processing practices, legal requirements, or regulatory guidance. Material changes will be communicated through a notice on our website.

Age Verification

You must be 18 years or older to access this website.