Data Processing Agreement
This Data Processing Agreement (“DPA”) applies where Gamenet Platform Limited (“Company”, “Gamenet”, “Processor”, “we”, “us”, “our”) processes personal data on behalf of a client (“Client”, “Controller”, “you”) in connection with non-gambling video game development, infrastructure engineering, analytics, LiveOps support, testing, support, maintenance or related technology services.
This DPA forms part of the applicable proposal, Statement of Work, service agreement, order form or other written agreement between the Company and the Client.
1. Company Details
This DPA is provided by:
Gamenet Platform Limited
Registration No: 228518
Registered Address: Ansuya Estate, Revolution Avenue, Suite 9, Victoria, Mahe, Seychelles
Website: https://gamenetplatform.com
Privacy Contact: privacy@gamenetplatform.com
2. Roles of the Parties
For the purposes of this DPA, the Client acts as the Controller of personal data, unless otherwise agreed in writing.
Gamenet acts as the Processor where it processes personal data on behalf of the Client.
The Client determines the purposes and means of processing. Gamenet processes personal data only to provide the agreed services and in accordance with the Client’s documented instructions.
3. Scope of Processing
Gamenet may process personal data only as necessary to provide the agreed services.
Processing may relate to game development support, server-side infrastructure, multiplayer systems, testing, analytics, LiveOps support, platform integration, issue resolution, technical support, maintenance, reporting and project communication.
Processing may include access, collection, storage, review, organisation, retrieval, use, transmission, testing, analysis, modification, deletion or other handling of personal data as required for project delivery.
4. Categories of Personal Data
Depending on the project, personal data may include:
- Business contact details.
- Project stakeholder information.
- User account data.
- Technical identifiers.
- Device or session information.
- Logs and diagnostics.
- Support ticket information.
- Analytics data.
- Testing data.
- Communication records.
- Data uploaded to systems configured, supported or maintained by the Company.
- Access credentials or system access details provided by the Client strictly for project delivery, subject to access controls and secure handling procedures.
Gamenet does not intentionally process sensitive personal data unless expressly agreed and necessary for the relevant project.
5. Categories of Data Subjects
Personal data may relate to:
- Client employees, contractors and representatives.
- Project stakeholders.
- Game users or testers.
- Support users.
- Vendors or platform representatives.
- Other individuals whose data is provided by or on behalf of the Client.
6. Client Instructions
Gamenet shall process personal data only in accordance with the applicable agreement, this DPA, the agreed project scope and the Client’s documented instructions.
If Gamenet believes that an instruction may violate applicable data protection law, it will notify the Client unless prohibited by law.
Gamenet shall not use personal data processed on behalf of the Client for unrelated commercial purposes.
7. Client Responsibilities
The Client is responsible for ensuring that personal data is collected and provided to Gamenet lawfully.
The Client is responsible for user notices, privacy disclosures, consents where required, age-related obligations, platform requirements, lawful game mechanics, data minimisation and the accuracy of processing instructions.
The Client is also responsible for ensuring that the project does not involve online casino, sports betting, gambling, wagering, lotteries, skins betting, real-money gaming, cash-out mechanics, adult content, unlawful tokenisation, crypto-assets, NFTs, deceptive monetisation, payment processing or regulated financial services.
8. Confidentiality
Gamenet shall ensure that personnel who may access personal data are subject to appropriate confidentiality obligations.
Access to personal data shall be limited to personnel who need such access for the purpose of providing the agreed services.
Confidentiality obligations continue after the relevant engagement ends to the extent required by applicable law or the applicable agreement.
9. Security Measures
Gamenet shall apply reasonable technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, alteration or disclosure.
These measures may include need-to-know access, project-based permissions, secure handling of access credentials, confidentiality obligations, controlled project environments, issue tracking, backup procedures where applicable, security review and incident escalation.
Additional information about our general security, confidentiality, access control, credential handling and incident response practices is available in our Trust Statement.
Project-specific security measures may be agreed separately in a Statement of Work, security addendum or service agreement.
10. Sub-processors
Gamenet may use third-party providers to support hosting, cloud infrastructure, communication, project management, development, analytics, testing, security, backup, accounting, legal support or other operational functions.
Gamenet shall ensure that sub-processors are subject to appropriate confidentiality and data protection obligations.
Where required by applicable law or by the applicable agreement, Gamenet will provide relevant sub-processor information and allow the Client to raise reasonable objections on data protection grounds.
11. International Transfers
Personal data may be processed in countries other than the country where the Client or data subjects are located.
Where required by applicable data protection law, Gamenet shall use appropriate transfer safeguards, such as contractual protections, data processing agreements, standard contractual clauses or other lawful transfer mechanisms.
12. Personal Data Breach
Gamenet shall notify the Client without undue delay after becoming aware of a personal data breach affecting personal data processed on behalf of the Client.
The notice shall include information reasonably available to Gamenet, such as the nature of the incident, affected data categories, likely consequences and measures taken or proposed.
The Client remains responsible for determining whether notification to regulators, users or other individuals is required, unless otherwise required by law or agreed in writing.
13. Assistance to the Client
Taking into account the nature of processing and information available to Gamenet, Gamenet shall reasonably assist the Client with data subject requests, data protection inquiries, security inquiries, impact assessments and regulatory requests where legally required and related to the services.
Gamenet may charge reasonable fees for assistance outside the ordinary scope of agreed services, unless prohibited by law or agreed otherwise.
14. Deletion or Return of Personal Data
Upon completion or termination of the applicable services, Gamenet shall delete or return personal data processed on behalf of the Client, unless retention is required by law or necessary for legitimate record-keeping, dispute resolution, backup, security or compliance purposes.
Deletion from backups may occur according to Gamenet’s normal backup retention and deletion cycles.
15. Audit and Compliance Information
Upon reasonable request, Gamenet may provide information necessary to demonstrate compliance with this DPA.
Any audit or inspection shall be subject to reasonable notice, confidentiality, security requirements, operational limitations and agreement on scope and timing.
Gamenet may refuse or limit any request that could compromise security, confidentiality, systems, personnel, other clients or third-party rights.
16. Relationship with Other Documents
This DPA applies to personal data processed by Gamenet on behalf of the Client.
The Company’s general privacy practices are described in the Privacy Policy.
The Company’s general security and operational practices are described in the Trust Statement.
General website and service terms are described in the Terms of Service, unless a separate written agreement provides otherwise.
17. Order of Precedence
If this DPA conflicts with another agreement, the terms that provide greater protection for personal data shall apply, unless the parties expressly agree otherwise in writing.
More specific signed data protection terms shall apply to the relevant project where expressly agreed.
18. Updates to This DPA
The Company may update this DPA from time to time.
The updated version will be published on this website or otherwise made available to clients.
19. Contact
For questions about this DPA, please contact:
Gamenet Platform Limited
Email: privacy@gamenetplatform.com
Website: https://gamenetplatform.com
Address: Ansuya Estate, Revolution Avenue, Suite 9, Victoria, Mahe, Seychelles