Privacy Policy
www.seyllo.com
Effective date: January 1, 2025
Preamble
This Privacy Policy aims to inform Users of the Seyllo platform about how their personal data is collected, processed, and protected.
Seyllo is committed to complying with the provisions of the General Data Protection Regulation (GDPR) No. 2016/679 of April 27, 2016, and French Law No. 78-17 of January 6, 1978, on data processing, files, and freedoms.
The Seyllo platform allows Vendors to create online stores for selling virtual products for game servers. Buyers make purchases on Vendors' stores.
By using the Seyllo platform, the User acknowledges having read this Policy and consents to the data processing described herein.
Article 1 – Definitions
For the purposes of this Policy:
- "User" means any person using the Seyllo platform, whether a Vendor or a Buyer.
- "Vendor" means any natural or legal person creating a store on Seyllo to sell virtual products.
- "Buyer" means any person making a purchase on a store hosted by Seyllo.
- "Personal data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on personal data.
- "Data controller" means the person who determines the purposes and means of processing.
Article 2 – Identity of the Data Controller
The data controller for personal data is:
| Company name | LWCREATE |
| Legal form | Micro-enterprise (sole proprietor) |
| Legal representative | Mr. Léo DEBIZE |
| SIRET | 93520050600018 |
| Address | 1 Impasse du Bon Boire, 18100 VIERZON, France |
| [email protected] | |
| Data Protection Officer (DPO) | Léo DEBIZE – [email protected] |
Article 3 – Data Collected
Seyllo collects different categories of personal data depending on the User's status:
3.1 Vendor Data
| Category | Data |
|---|---|
| Identity | Name, surname, company name, SIRET/SIREN number |
| Contact details | Email address, postal address, phone number |
| Stripe Connect data | Stripe identifier, bank details (collected directly by Stripe) |
| Store data | Store name, logo, description, created products |
| Technical data | IP address, login identifiers, activity logs |
3.2 Buyer Data
| Category | Data |
|---|---|
| Identity | In-game username/nickname |
| Contact details | Email address |
| Transaction data | Order history, amounts, products purchased |
| Payment data | Processed exclusively by Stripe (Seyllo does not have access to card numbers) |
| Technical data | IP address, browser, operating system |
Article 4 – Legal Basis for Processing
Personal data processing is based on:
| Legal basis | Context |
|---|---|
| Contract performance | Account creation, order management, product delivery |
| Legal obligation | Invoicing, tax obligations, fraud prevention |
| Legitimate interest | Service improvement, security, anonymized statistics |
| Consent | Marketing communications, non-essential cookies |
Article 5 – Purposes of Processing
Personal data is collected for the following purposes:
- Management of Vendor and Buyer accounts
- Processing orders and payments via Stripe
- Automatic delivery of virtual products via RCON
- Invoicing and accounting
- Customer support and ticket management
- Fraud prevention and transaction security
- Platform and service improvement
- Communication (with consent for marketing)
- Compliance with legal and regulatory obligations
Article 6 – Data Recipients
Personal data may be communicated to:
6.1 Internal Recipients
- Authorized LWCREATE staff responsible for platform administration
- Customer service for handling requests
6.2 External Recipients
| Recipient | Purpose |
|---|---|
| Stripe | Payment processing, Stripe Connect |
| Hetzner Online GmbH | Data hosting (servers in Germany) |
| Cloudflare | Security, CDN, DDoS protection |
| Postmark | Transactional email delivery |
| Google LLC (Google Analytics 4) | Audience measurement and visit statistics (with consent) |
6.3 Vendors and Buyers
In the context of a transaction, the Vendor has access to data necessary for order fulfillment (Buyer's username, email, order history on their store). The Vendor is responsible for processing their customers' data within the scope of their store.
Article 7 – Transfers Outside the European Union
Seyllo prioritizes data storage within the European Union (Hetzner servers in Germany).
Some subcontractors (Stripe, Cloudflare, Google) may transfer data to the United States. These transfers are governed by:
- European Commission Standard Contractual Clauses (SCCs)
- EU-US Data Privacy Framework for certified companies
- Appropriate safeguards in accordance with Article 46 of the GDPR
Article 8 – Retention Period
Personal data is retained for the following periods:
| Data type | Retention period |
|---|---|
| Account data | Duration of business relationship + 3 years |
| Transaction data | 10 years (accounting obligation) |
| Invoices | 10 years (tax obligation) |
| Cookie data | 13 months maximum |
| Technical logs | 1 year |
| Support tickets | 3 years after closure |
Upon expiration of these periods, data is deleted or anonymized.
Article 9 – Data Security
Seyllo implements appropriate technical and organizational measures to protect personal data:
- Data encryption in transit (HTTPS/TLS 1.3)
- Password encryption (bcrypt)
- Attack protection (firewall, Cloudflare DDoS protection)
- Restricted data access (authentication, limited rights)
- Regular and geographically distributed backups
- Regular system updates and security patches
- Security incident monitoring and detection
Payment data: Payment data is processed exclusively by Stripe, certified PCI-DSS Level 1. Seyllo never has access to credit card numbers.
Article 10 – Cookies
10.1 Types of Cookies Used
| Type | Purpose | Duration |
|---|---|---|
| Essential | Site operation, authentication | Session |
| Google Analytics 4 | Audience measurement: page views, visit duration, user journey | 14 months max. |
| Preferences | Language, theme | 1 year |
| Stripe | Payment security | Session |
10.2 Google Analytics 4
We use Google Analytics 4, an audience analysis service provided by Google LLC (United States).
Data collected (with your consent):
- IP address (anonymized)
- Pages visited and browsing duration
- Traffic source (search engine, direct link, etc.)
- Device type and browser used
Legal basis: Consent (Article 6.1.a of the GDPR). Analytics cookies are only placed after your explicit acceptance via our consent banner.
As Google is a US company, your data may be transferred to the United States under the EU-US Data Privacy Framework.
More information: Google Privacy Policy
10.3 Managing Your Preferences
You can manage your cookie preferences at any time:
- By clicking the "Manage cookies" link in the footer
- Via your browser settings
- By deleting the "seyllo_consent" entry in your browser's local storage
Refusing analytics cookies does not affect the website functionality. Only essential cookies (authentication, cart) are necessary.
You can withdraw your consent at any time. This withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
Article 11 – Data Subject Rights
In accordance with the GDPR, Users have the following rights:
| Right | Description |
|---|---|
| Right of access | Obtain confirmation that data is being processed and receive a copy |
| Right to rectification | Request correction of inaccurate data |
| Right to erasure | Request deletion of data (subject to conditions) |
| Right to restriction | Limit processing in certain cases |
| Right to portability | Receive data in a structured format |
| Right to object | Object to processing on legitimate grounds |
| Withdrawal of consent | Withdraw consent at any time |
| Post-mortem directives | Define directives regarding data fate after death |
11.1 Exercising Rights
To exercise these rights, Users may:
- Send an email to: [email protected]
- Send a letter to: LWCREATE – DPO, 1 Impasse du Bon Boire, 18100 VIERZON, France
A copy of identity proof may be requested.
Seyllo commits to responding within one month, which may be extended by two months in complex cases.
Article 12 – Complaint to the CNIL
If Users believe their rights are not being respected, they may file a complaint with the French Data Protection Authority (CNIL):
- Address: CNIL – 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
- Website: www.cnil.fr
- Phone: +33 1 53 73 22 22
Article 13 – Minors
The Seyllo platform is not intended for minors under 16 years of age. Use of the platform by a minor under 16 requires prior authorization from a parent or guardian.
For minors aged 16 to 18, use of the platform implies acceptance of this Privacy Policy.
Article 14 – Policy Updates
Seyllo reserves the right to modify this Privacy Policy at any time. Users will be informed of substantial changes by:
- A notification on the platform
- An email to registered addresses
The update date will be indicated at the top of the Policy. Continued use of the platform after modification constitutes acceptance of the new Policy.
Contact
For any questions regarding this Privacy Policy:
- Email: [email protected]
- Mail: LWCREATE – DPO, 1 Impasse du Bon Boire, 18100 VIERZON, France
- Discord: https://discord.gg/9cjeFJNf5K
Last updated: January 2025