Privacy Policy

This Privacy Policy describes how CDKeysIsland ("we", "us", "our") collects, uses, stores, and protects your personal data when you use our website and services.

We are committed to protecting your privacy and ensuring the security of your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation — GDPR) and the Polish Act of 10 May 2018 on the Protection of Personal Data (Journal of Laws 2018, item 1000).

By using our Store, you acknowledge that you have read and understood this Privacy Policy.

We do NOT collect or store: phone numbers, full credit card numbers, payment card CVV codes, bank login credentials, or other sensitive payment data. This data is processed exclusively by certified payment providers (Stripe, BLIK) through encrypted connections.

1. We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law.

2. Order-related data (including billing information): 5 years from the end of the calendar year in which the transaction was completed, in accordance with tax and accounting obligations.

3. Marketing data (newsletter consent): until you withdraw your consent by unsubscribing.

4. Analytics data collected via cookies: as specified in §8 (Cookie Policy), typically 6–24 months depending on the cookie type.

5. Customer support correspondence: 3 years from the case resolution date.

6. After the retention period expires, personal data is permanently deleted or anonymized.

1. We do not sell, trade, or rent your personal data to third parties for their marketing purposes.

2. Your data may be shared with the following categories of recipients for the purposes described in §4:

• Payment processors (Stripe, BLIK) — to process your payments securely.
• Email service providers — to send order confirmations and delivery emails.
• Hosting and infrastructure providers — to operate the Store website.
• Analytics providers (only with your cookie consent) — to analyze Store usage.
• Legal and accounting service providers — where required by law.

3. All data processors are contractually bound to process personal data only on our documented instructions and to implement appropriate security measures.

4. Some of our service providers may process data outside the European Economic Area (EEA). In such cases, we ensure adequate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on adequacy decisions for the relevant country.

Under the GDPR, you have the following rights regarding your personal data:

To exercise any of these rights, contact us at the email address provided in §2. We will respond within one month (extendable by two months for complex requests).

You also have the right to lodge a complaint with the supervisory authority — in Poland, this is the President of the Personal Data Protection Office (Urząd Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warsaw, Poland).

1. Our Store uses cookies and similar technologies (local storage, pixels) to ensure proper website functionality, improve user experience, and analyze traffic.

2. Cookies are small text files stored on your device by your web browser. They do not contain viruses or malware.

Types of cookies we use:

• Essential cookies — Required for the Store to function properly (cart, checkout, authentication). Cannot be disabled.
• Functional cookies — Remember your preferences (language, currency, region) for a better experience.
• Analytics cookies — Help us understand how visitors use the Store (page views, time on site, traffic sources). Used to improve the Store. Placed only with your consent.
• Marketing cookies — Used to show relevant advertisements and measure ad campaign effectiveness. Placed only with your consent.

3. On your first visit, you are presented with a cookie consent banner where you can accept or reject non-essential cookies. You can change your preferences at any time via the Manage Cookies page.

4. You can also control cookies through your browser settings, including deleting existing cookies and blocking future cookies. Note that blocking essential cookies may prevent the Store from functioning properly.

1. We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• SSL/TLS encryption for all data transmitted between your browser and our servers.
• Encrypted storage of sensitive data.
• Access controls and authentication mechanisms.
• Regular security assessments and monitoring.
• Staff training on data protection obligations.

2. While we strive to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but we take all reasonable measures to protect your information.

3. In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, in accordance with GDPR requirements.

1. We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Store functionality.

2. When we update this Policy, we will revise the "Last updated" date at the top of the page. We encourage you to review this Policy periodically.

3. If changes are material, we will notify registered users by email before the changes take effect.

4. If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: