Personal Data Protection Policy
PREAMBLE — IM’IN OÜ privacy and data protection commitments
Preamble
IM’IN values your personal data and your privacy. This Privacy Policy describes the conditions under which IM’IN OÜ, a company registered under Estonian law, with its registered office in Tallinn, Estonia, acts as data controller in processing your personal data.
IM’IN is committed to processing your personal data in accordance with applicable data protection regulations, notably the GDPR and other relevant laws. To ensure trust, IM’IN implements these key principles:
- Lawfulness: personal data is collected for specific, explicit and legitimate purposes, based on an appropriate legal ground.
- Transparency and fairness: you are informed of our processing operations; no data processing is carried out without your knowledge.
- Data minimization: only data strictly necessary for the intended purpose is collected.
- Storage limitation: data is retained only as long as necessary for the purposes or as required by law.
- Data security: technical and organizational measures are implemented to protect data integrity and confidentiality.
- Commitment of service providers: subcontractors are selected to ensure an equivalent level of data protection.
This policy applies to all IM’IN websites, mobile applications, tournaments, duels, and occasional online or physical events. We may update this policy; you will be notified of significant updates.
1. What data do we collect?
1.1 Data collected directly from you
The personal data we collect includes information you provide directly when creating an account, using our services, contacting support, or participating in tournaments or duels. This data includes:
- Identification data: full name, date and place of birth, postal address, email address.
- Banking data: IBAN
- Gameplay and participation data: match history, tournament participation, and results.
- Verification data: ID images, selfies or video verification.
- Contact data: communications with customer support.
1.2 Data collected indirectly
We may receive additional information from fraud-prevention organizations, payment verification partners, and IM’IN’s commercial or technical partners (login or payment integrations).
1.3 Cookies and similar technologies
We use cookies and other tracking technologies to enhance user experience, collect analytical data, and manage preferences.
2. How do we use your personal data?
All processing operations are performed for specific, legitimate and proportionate purposes, based on one of the following legal grounds: compliance with legal obligations, contractual necessity, your consent, or IM’IN’s legitimate interest.
2.1 Account management and customer relationship
We use your personal data to create, verify, and manage your IM’IN account, and to provide support for your requests and complaints. This includes managing ticket balances, payment operations, and verification procedures. Bank details are stored securely via our payment partner and can be deleted in account settings.
2.2 Commercial communication and service customization
If you consent, we may send personalized offers, newsletters, or event notifications based on your gaming preferences. You can withdraw consent or modify preferences in your account settings.
2.3 Use of the Site and Application
We process navigation and connection data to ensure the proper functioning of our website and mobile application. Essential cookies enabling core features are exempt from consent; others require your explicit approval.
2.4 Social networks
When you interact with IM’IN’s social media accounts, your data may be processed according to those platforms' privacy policies. IM’IN is not responsible for processing carried out by third-party services.
2.5 Fraud prevention, AML and anti-cheating
We implement automated and manual monitoring systems to detect and prevent identity theft, fraudulent payments, and cheating. Algorithmic analyses are always subject to human oversight.
2.6 Preservation of game integrity
We analyze game and match activity to detect cheating, collusion, or other prohibited behaviors as part of IM’IN’s legitimate interest in ensuring fair competition.
2.7 Promotional campaigns and reward programs
IM’IN may process additional data for promotional campaigns or random draws. Processing is based on IM’IN’s legitimate interest in promoting the platform and rewarding active users. Pseudonyms of winners may be published in accordance with privacy standards.
3. How long do we keep your data?
Retention periods are defined according to data type and legal obligations:
| Type of data | Retention period |
|---|---|
| Account and identity data | 6 years after account closure (legal obligation) |
| Financial and transaction data | 6 years after account closure |
| Cookies and tracers | 13 months from placement |
| Customer relationship and communication data | 3 years after last activity or consent withdrawal |
| Game and activity logs | Up to 24 months for dispute resolution and statistical purposes |
| Fraud prevention and AML data | 6 years from account closure |
After these periods, data is securely deleted or anonymized.
4. Who are the recipients of your data?
Your personal data may be shared, strictly when necessary, with:
- Supabase (U.S.), our database and hosting provider, under Standard Contractual Clauses (SCCs).
- Stripe Payments Europe, Ltd., our payment processor.
- Technical and IT service providers ensuring site functionality and security.
- Customer support subcontractors under confidentiality agreements.
- Competent authorities or regulators, where required by law (e.g., for AML or fraud investigations).
Your data will never be sold or transferred to third parties for marketing purposes.
5. Security of your data
IM’IN implements appropriate technical, organizational, and physical measures to protect personal data. Subcontractors are contractually bound to maintain equivalent security standards. Data exchanges are encrypted (HTTPS / TLS), and access to personal information is strictly limited to authorized staff.
6. Transfers of your data outside the EU
We primarily process and store your data within the EU. However, some service providers (e.g., Supabase or Stripe) may process data in the United States or other countries. In such cases, IM’IN ensures necessary safeguards are applied, including Standard Contractual Clauses (SCCs).
7. Cookies and other tracers
When you browse our site or app, cookies may be placed on your device to enable proper operation, analyze usage, and personalize your experience. You can manage your cookie preferences at any time through our cookie management tool. Cookies are retained for a maximum of 13 months. Refusing non-essential cookies will not affect basic navigation. For detailed information, refer to our Cookie Policy available on the website.
8. Your rights and how to exercise them
In accordance with the Regulation, you have the following rights:
- Right of access: obtain a copy of your personal data.
- Right of rectification: correct inaccurate or incomplete data.
- Right to erasure: request deletion of your data if no longer necessary or unlawfully processed.
- Right to restriction: temporarily suspend processing under specific conditions.
- Right to portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing based on legitimate interest or direct marketing.
You can exercise these rights by emailing: support@imin.uno. IM’IN has not appointed a Data Protection Officer (DPO) at this stage. Privacy inquiries will be handled by the internal compliance team. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (AKI): https://www.aki.ee/en.
9. Updates to this policy
IM’IN reserves the right to update this Privacy Policy at any time. Substantial changes will be announced on the website and, where appropriate, by email notification. The updated version will include the effective date at the top of the document.