Privacy Policy
Effective: 1 July 2026 · Last updated: 12 July 2026 · Governing law: England & Wales
DropMarket Ltd · Company No. 17309867 · support@dropmarket.gg
Controller: DropMarket Ltd, 82a James Carter Road, Mildenhall, Bury St. Edmunds, England, IP28 7DE. Contact: support@dropmarket.gg.
Categories of personal data
Identity and contact data; account credentials; KYC data (ID documents; selfie/liveness/biometric verification via provider); transaction, order and payout data; device, cookie and usage data; on-platform communications and chat; dispute records.
Lawful bases (UK GDPR Art. 6) — mapped to purpose
- Performance of a contract — operating your account and the marketplace, processing Orders.
- Legal obligation — AML/KYC checks, sanctions screening, tax and platform reporting to HMRC, statutory record-keeping.
- Legitimate interests — fraud prevention, Platform security, service improvement, dispute handling (balanced against your rights).
- Consent — non-essential cookies and any direct marketing (withdrawable at any time).
Recipients
Payment partners — CoinGate (UAB “Decentralized”, Lithuania) and Tazapay (planned); KYC/verification provider (which screens against sanctions/PEP/adverse-media lists); hosting and IT sub-processors; professional advisers; and regulators or authorities where legally required (HMRC, ICO, NCA, law enforcement).
International transfers
Because Users and providers operate outside the UK, personal data is transferred internationally (including to the EEA, e.g., Lithuania). Transfers rely on UK adequacy regulations where available, or the UK International Data Transfer Agreement (IDTA) / the UK Addendum to the EU SCCs, with appropriate safeguards; a copy of the safeguards can be requested at support@dropmarket.gg.
Retention
KYC/AML records: retained for the statutory period after the business relationship ends. Transaction and accounting records: retained for the period required by tax law. Account data: retained while your account is active and for a reasonable period afterwards. Specific periods are applied per data category.
Your rights
Access, rectification, erasure, restriction, portability, objection, and rights regarding automated decision-making. Exercise them via support@dropmarket.gg. You may complain to the ICO (ico.org.uk).
Complaints duty (2026)
In line with the Data (Use and Access) Act 2025 (DPA 2018 s.164A, effective 19 June 2026), we acknowledge data-protection complaints within 30 days and respond without undue delay.
Cookies: see the Cookie Policy. This policy reflects UK data-protection law as amended by the DUAA 2025, with all data-protection provisions in force as confirmed by the ICO on 19 June 2026.