Legal

Privacy Policy

Effective: 1 July 2026 · Last updated: 12 July 2026 · Governing law: England & Wales

DropMarket Ltd · Company No. 17309867 · support@dropmarket.gg

Controller: DropMarket Ltd, 82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE. Contact: support@dropmarket.gg.

Categories of personal data

Identity and contact data; account credentials; KYC data (ID documents; selfie/liveness/biometric verification via provider); transaction, order and payout data; device, cookie and usage data; on-platform communications and chat; dispute records.

Lawful bases (UK GDPR Art. 6) — mapped to purpose

  • Performance of a contract — operating your account and the marketplace, processing Orders.
  • Legal obligation — AML/KYC checks, sanctions screening, tax and platform reporting to HMRC, statutory record-keeping.
  • Legitimate interests — fraud prevention, Platform security, service improvement, dispute handling (balanced against your rights).
  • Consent — non-essential cookies and any direct marketing (withdrawable at any time).

Recipients

Payment partners — CoinGate (UAB “Decentralized”, Lithuania) and Tazapay (planned); KYC/verification provider (which screens against sanctions/PEP/adverse-media lists); hosting and IT sub-processors; professional advisers; and regulators or authorities where legally required (HMRC, ICO, NCA, law enforcement).

International transfers

Because Users and providers operate outside the UK, personal data is transferred internationally (including to the EEA, e.g., Lithuania). Transfers rely on UK adequacy regulations where available, or the UK International Data Transfer Agreement (IDTA) / the UK Addendum to the EU SCCs, with appropriate safeguards; a copy of the safeguards can be requested at support@dropmarket.gg.

Retention

KYC/AML records: retained for the statutory period after the business relationship ends. Transaction and accounting records: retained for the period required by tax law. Account data: retained while your account is active and for a reasonable period afterwards. Specific periods are applied per data category.

Your rights

Access, rectification, erasure, restriction, portability, objection, and rights regarding automated decision-making. Exercise them via support@dropmarket.gg. You may complain to the ICO (ico.org.uk).

Complaints duty (2026)

In line with the Data (Use and Access) Act 2025 (DPA 2018 s.164A, effective 19 June 2026), we acknowledge data-protection complaints within 30 days and respond without undue delay.

Cookies: see the Cookie Policy. This policy reflects UK data-protection law as amended by the DUAA 2025, with all data-protection provisions in force as confirmed by the ICO on 19 June 2026.