Privacy Policy

ROTAL GAMES

Gaming Consoles & Accessories | Pakistan Nationwide

PRIVACY POLICY & DATA PROTECTION STATEMENT

Effective DateLast UpdatedVersionJurisdiction
June 26, 2026June 26, 20261.0Islamic Republic of Pakistan

1. INTRODUCTION & SCOPE

Welcome to Rotal Games. This Privacy Policy (‘Policy’) is a legally binding document that governs how Rotal Games (‘we,’ ‘our,’ ‘us,’ or ‘the Company’) collects, uses, stores, shares, protects, and processes personal information of customers, visitors, and users (‘you,’ ‘your,’ or ‘Customer’) who interact with our online store, website, mobile applications, social media pages, and any related services (collectively, ‘Services’) operated within the Islamic Republic of Pakistan.

This Policy applies to all transactions, interactions, and data exchanges conducted through our online platform for the sale of Gaming Consoles, Accessories, Peripherals, Digital Products, and related merchandise offered under the Rotal Games brand.

By accessing our website, making a purchase, creating an account, subscribing to our newsletter, or otherwise using our Services, you expressly acknowledge that you have read, understood, and agree to be bound by this Privacy Policy in its entirety.

1.1 Who We Are

Business NameRotal Games
Business TypeOnline Retail Store — Gaming Consoles & Accessories
Operating RegionPakistan (Nationwide — All Provinces & Territories)
Governing LawLaws of the Islamic Republic of Pakistan

1.2 What This Policy Covers

This Policy comprehensively covers:

  • All personal data collected from you during the browsing, registration, checkout, and post-purchase experience
  • Data collected from third-party sources including payment processors, couriers, and analytics providers
  • How your data is used for order fulfillment, marketing, service improvement, and legal compliance
  • Your rights regarding your personal data under applicable Pakistani law
  • How we safeguard your information against unauthorized access and data breaches
  • Our cookie and tracking technology practices
  • Data retention periods and our deletion policies

2. INFORMATION WE COLLECT

We collect information in three primary ways: (a) directly from you, (b) automatically through your use of our platform, and (c) from trusted third-party partners. The following outlines every category of data we may collect:

2.1 Personal Identification Information

  • Full legal name
  • Father’s name (where required for delivery verification)
  • Date of birth (for age verification and account security)
  • CNIC number (where legally required for high-value transactions or fraud prevention)
  • Gender (optional, for personalized experience)
  • Profile photograph (if uploaded by the user)

2.2 Contact Information

  • Primary email address
  • Mobile phone number (for SMS/WhatsApp order alerts and OTP verification)
  • Alternate contact number
  • Residential, billing, and delivery address(es) — including street address, city, district, province, and postal code

2.3 Transaction & Purchase Data

  • Order history and purchase records
  • Products browsed, wishlisted, and purchased
  • Cart contents and abandoned cart data
  • Return and refund request history
  • Warranty claim records
  • Product reviews, ratings, and feedback submitted
  • Discount codes and promotional offers applied

2.4 Payment & Financial Information

We DO NOT store full payment card details on our servers. However, we may collect and retain:

  • Last 4 digits of payment card (for order reference)
  • Payment method type (credit card, debit card, bank transfer, cash on delivery, Easypaisa, JazzCash, etc.)
  • Transaction reference numbers and confirmation IDs
  • Bank name and account type (for COD verification where applicable)
  • Billing address associated with payment method
All payment processing is handled through PCI-DSS compliant third-party gateways. We do not have access to your full card details.

2.5 Device & Technical Information

  • IP address and geolocation data
  • Device type (mobile, tablet, desktop), device model, and operating system
  • Browser type and version
  • Unique device identifiers and advertising IDs
  • Screen resolution and display settings
  • Internet Service Provider (ISP) details
  • Pages visited, time spent, click patterns, and navigation paths on our platform
  • Referral source (how you found our website)

2.6 Communication Records

  • Customer support chat transcripts and email correspondence
  • Phone call recordings (where consent is obtained and legally permitted)
  • Social media messages, comments, and interactions on our official pages
  • Survey responses and feedback forms
  • Complaints and dispute resolution records

2.7 Account & Profile Data

  • Username and encrypted password credentials
  • Account creation date and last login timestamp
  • Saved addresses and delivery preferences
  • Notification and communication preferences
  • Loyalty points balance and reward history

2.8 Data from Minors

Our Services are intended for individuals aged 13 years and above. We do not knowingly collect personal data from children under 13 years of age without verifiable parental or guardian consent. If we discover that we have inadvertently collected data from a child under 13, we will immediately delete such information. Parents or guardians who believe their child has submitted personal data to us should contact us immediately at our designated contact address.

3. HOW WE USE YOUR INFORMATION

We process your personal information for the following lawful and legitimate purposes:

3.1 Order Processing & Fulfillment

  • Processing and confirming your orders
  • Coordinating with courier partners for nationwide delivery
  • Sending order confirmation, shipping updates, and delivery notifications via SMS, WhatsApp, and email
  • Handling returns, exchanges, and refund processing
  • Providing warranty registration and claim services

3.2 Account Management

  • Creating and maintaining your customer account
  • Verifying your identity during login and account recovery
  • Allowing you to view your order history and manage saved addresses
  • Sending account-related security notifications

3.3 Customer Support

  • Responding to queries, complaints, and service requests
  • Investigating disputes and resolving issues
  • Maintaining records for quality assurance and training
  • Providing technical support for products purchased

3.4 Marketing & Communications

  • Sending promotional emails, SMS messages, or WhatsApp notifications about deals, discounts, and new products — only with your consent
  • Personalizing product recommendations based on your purchase and browsing history
  • Displaying targeted advertisements on our website and third-party platforms
  • Informing you about flash sales, seasonal campaigns, and exclusive gaming events
You may opt out of marketing communications at any time by clicking ‘Unsubscribe’ in any email, replying STOP to SMS, or contacting our support team. Opting out will not affect transactional communications.

3.5 Legal & Compliance Obligations

  • Complying with applicable Pakistani laws, regulations, and court orders
  • Cooperating with lawful requests from government authorities, law enforcement, and regulatory bodies (FBR, FIA, etc.)
  • Maintaining records as required by the Federal Board of Revenue (FBR) and Sales Tax laws
  • Preventing, detecting, and investigating fraud, money laundering, and unauthorized transactions

3.6 Business Analytics & Improvement

  • Analyzing purchase patterns to optimize inventory and stock management
  • Conducting website performance monitoring and error tracking
  • Conducting customer satisfaction surveys and market research
  • Improving our website, app, and overall customer experience

4. LEGAL BASIS FOR PROCESSING

We process your personal data only when we have a lawful basis to do so. Our legal bases include:

Contractual NecessityProcessing is necessary to fulfill the purchase contract between you and Rotal Games (e.g., delivering your order).
Legal ObligationProcessing is required to comply with Pakistani laws, tax regulations, FBR directives, and court orders.
Legitimate InterestProcessing is in our legitimate business interests (e.g., fraud prevention, security, analytics) provided these do not override your fundamental rights.
ConsentFor marketing communications, cookies, and optional features, we rely on your freely given, specific, and informed consent.

5. SHARING OF YOUR INFORMATION

We respect your privacy and do not sell your personal data to third parties. However, we may share your information with trusted parties in the following circumstances:

5.1 Delivery & Logistics Partners

We share your name, contact number, and delivery address with courier companies and logistics partners (such as TCS, Leopards, Trax, M&P, Post Ex, or other registered Pakistani couriers) strictly for the purpose of delivering your orders.

5.2 Payment Service Providers

We share necessary transaction data with payment gateways, banks, and mobile wallet providers (e.g., Easypaisa, JazzCash, Bank Alfalah, HBL, Allied Bank, Visa/Mastercard acquirers) to process your payments securely.

5.3 Technology & Platform Service Providers

We may engage third-party service providers for website hosting, cloud storage, email services, SMS gateways, analytics, and customer support tools. These providers are contractually bound to use your data only as directed by us and for the purposes specified.

5.4 Legal & Regulatory Authorities

We may disclose your information to government agencies, law enforcement authorities (FIA, Police), tax authorities (FBR), or courts when legally required or when we have a good-faith belief that disclosure is necessary to comply with the law, protect rights, prevent fraud, or ensure safety.

5.5 Business Transfers

In the event of a merger, acquisition, sale of assets, or business restructuring, your personal data may be transferred to the acquiring entity. We will notify you of any such change and your rights in relation to it.

5.6 Marketing & Advertising Partners

With your consent, we may share anonymized or pseudonymized data with advertising platforms (e.g., Meta/Facebook, Google, TikTok) for the purpose of serving targeted advertisements. We do not share your CNIC, financial account details, or full contact information with advertisers.

We require all third-party partners to maintain confidentiality obligations and process your data only in accordance with our instructions and applicable law. We are not responsible for third parties’ independent privacy practices.

6. COOKIES & TRACKING TECHNOLOGIES

Our website and mobile application use cookies and similar tracking technologies to enhance your experience, analyze traffic, and provide personalized content. By using our platform, you consent to the use of cookies as described in this section.

6.1 Types of Cookies We Use

  • Essential/Strictly Necessary Cookies: Required for the website to function (e.g., shopping cart, login session). Cannot be disabled.
  • Performance & Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics). Used anonymously.
  • Functional Cookies: Remember your preferences such as language, currency, and saved addresses.
  • Targeting & Advertising Cookies: Used to deliver relevant ads and track campaign performance. May be shared with advertising partners.
  • Session Cookies: Temporary cookies deleted when you close your browser.
  • Persistent Cookies: Remain on your device for a set period to recognize returning visitors.

6.2 Managing Cookies

You can manage cookie preferences through your browser settings. Disabling certain cookies may impact the functionality of our website. To opt out of Google Analytics tracking, you may use the Google Analytics Opt-Out Browser Add-on. For advertising cookies, you may visit the Digital Advertising Alliance opt-out tools.

6.3 Web Beacons & Pixel Tags

We may use pixel tags and web beacons in our emails and website to track email open rates, click-through rates, and conversion events. This helps us improve the relevance of our communications.

7. DATA SECURITY & PROTECTION

We are committed to protecting your personal information using industry-standard security measures. Our security framework includes:

7.1 Technical Safeguards

  • SSL/TLS encryption for all data transmitted between your browser and our servers
  • AES-256 encryption for stored sensitive data
  • Secure and firewalled server infrastructure hosted within reliable data centers
  • Regular penetration testing and vulnerability assessments
  • Multi-factor authentication (MFA) for administrative access
  • Automatic session timeouts after periods of inactivity

7.2 Organizational Safeguards

  • Access to personal data is restricted to authorized personnel on a need-to-know basis
  • All employees and contractors are bound by confidentiality agreements
  • Regular staff training on data protection and cybersecurity best practices
  • Internal data access audit logs maintained for all sensitive systems

7.3 Payment Security

All payment transactions are processed through PCI-DSS Level 1 compliant payment gateways. We do not store, process, or transmit full payment card numbers on our servers. Card tokenization is used where applicable.

7.4 Data Breach Response

In the unfortunate event of a data breach that poses a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach (where reasonably practicable), provide details of the breach and steps taken, recommend actions you can take to protect yourself, and cooperate fully with relevant authorities, including the Pakistan Telecommunication Authority (PTA) and any other applicable regulatory body.

No method of transmission over the internet or electronic storage is 100% secure. While we implement all reasonable measures, we cannot guarantee absolute security of your data.

8. DATA RETENTION

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements.

Data CategoryRetention PeriodLegal Basis
Customer Account DataDuration of account + 3 years post-closureLegitimate Interest
Order & Transaction Records7 years minimumFBR / Tax Law Compliance
Payment Records7 years minimumLegal Obligation
Customer Communications3 yearsDispute Resolution
Marketing PreferencesUntil opt-out + 1 yearConsent
Website Analytics Data26 months (anonymized)Legitimate Interest
Security & Fraud Logs5 yearsLegal Obligation
CNIC / ID Verification7 yearsAnti-Money Laundering Law
Warranty & Claim RecordsDuration of warranty + 2 yearsContractual Necessity
Cookies & Tracking DataUp to 2 yearsConsent

9. YOUR RIGHTS AS A DATA SUBJECT

As a customer of Rotal Games, you have the following rights with respect to your personal information. We are committed to honoring these rights within a reasonable timeframe (typically 30 days from a verifiable request):

9.1 Right to Access

You have the right to request a copy of all personal data we hold about you. We will provide this in a structured, clear, and readable format free of charge.

9.2 Right to Correction / Rectification

You may request correction of any inaccurate or incomplete personal data we hold about you. You may also update certain information directly via your account settings.

9.3 Right to Deletion (‘Right to Be Forgotten’)

You may request that we delete your personal data where it is no longer necessary for the purposes for which it was collected, you withdraw consent (where processing is consent-based), or the data has been unlawfully processed. This right is subject to our legal obligation to retain certain records (e.g., tax records for FBR compliance).

9.4 Right to Restrict Processing

You may request that we temporarily stop processing your data while a dispute is being resolved or while you contest the accuracy of the data we hold.

9.5 Right to Data Portability

You may request that we provide your data in a machine-readable format (e.g., CSV or JSON) so that you can transfer it to another service provider.

9.6 Right to Withdraw Consent

Where we process your data on the basis of consent (e.g., marketing), you have the right to withdraw that consent at any time without affecting the lawfulness of processing before withdrawal.

9.7 Right to Object

You have the right to object to processing based on our legitimate interests, including profiling for direct marketing purposes.

9.8 Right Against Automated Decision-Making

You have the right not to be subject to decisions made solely by automated processing that have a significant legal or similarly significant effect on you, without human review.

9.9 How to Exercise Your Rights

To exercise any of the above rights, please contact us via:

  • Email: privacy@rotalgames.pk
  • Customer Support Portal: rotalgames.pk/support
  • WhatsApp Business: [Your WhatsApp Number]

We may verify your identity before processing your request. We will respond within 30 calendar days.

10. THIRD-PARTY LINKS & EXTERNAL SERVICES

Our website may contain links to third-party websites, social media platforms, payment portals, and external services. These third parties operate independently and have their own privacy policies, which we strongly encourage you to review.

Rotal Games is not responsible for the privacy practices, content, or security of third-party websites or services. Clicking on external links does not imply our endorsement of those sites.

Social media plugins (e.g., Facebook Like button, Instagram feeds, YouTube embeds) may cause data to be transmitted to those platforms even if you do not click on them. We recommend reviewing the respective platforms’ privacy policies.

11. DATA STORAGE & CROSS-BORDER TRANSFERS

Your data is primarily stored and processed within Pakistan. However, some of our service providers may operate data centers in other countries (e.g., cloud services hosted in the USA, EU, or Singapore).

Where data is transferred internationally, we ensure that adequate safeguards are in place, including standard contractual clauses, data processing agreements, and compliance with the receiving country’s data protection laws.

By using our Services and providing your information, you acknowledge and consent to the potential transfer of your data to countries outside Pakistan for the purposes described in this Policy.

12. MARKETING COMMUNICATIONS & OPT-OUT

12.1 Types of Marketing Communications

With your consent, we may send you the following marketing communications:

  • Promotional emails about new products, sales, and exclusive deals
  • SMS and WhatsApp notifications about flash sales and order-related offers
  • Push notifications via our mobile app (if applicable)
  • Targeted advertising on social media platforms (Facebook, Instagram, TikTok, Google)

12.2 How to Opt Out

  • Email: Click ‘Unsubscribe’ at the bottom of any marketing email
  • SMS: Reply ‘STOP’ to any marketing SMS
  • WhatsApp: Reply ‘OPT OUT’ or contact our support team
  • Account Settings: Manage notification preferences in your profile dashboard
  • Contact Us: Email privacy@rotalgames.pk with your opt-out request

Please allow up to 10 business days for your opt-out to take effect across all systems. You will still receive transactional communications necessary for your orders.

13. CHILDREN’S PRIVACY

Rotal Games’s Services are not directed to children under the age of 13. We do not knowingly collect, use, or disclose personal information from children under 13 years of age.

For users between 13 and 18 years of age, we recommend that a parent or legal guardian review and approve use of our Services and this Privacy Policy on the minor’s behalf.

If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at privacy@rotalgames.pk and we will promptly delete such information.

14. GAMING-SPECIFIC PRIVACY CONSIDERATIONS

As a retailer specializing in gaming consoles and accessories, we want to inform you of specific privacy considerations relevant to gaming products:

14.1 Console Serial Numbers & Registration

If you register a gaming console (e.g., PlayStation, Xbox, Nintendo Switch) purchased from us, your registration data may be shared with the manufacturer (Sony, Microsoft, Nintendo, etc.) for warranty purposes. Please review the respective manufacturer’s privacy policy for details on how they process your data.

14.2 Game Accounts & Online Services

Rotal Games does not have access to your gaming platform accounts (PSN, Xbox Live, Nintendo Online). These are governed by the respective platform’s terms of service and privacy policies.

14.3 Digital Product Purchases

For digital game codes, DLC, and subscription cards purchased from us, your email address will be used to deliver the product key. We retain records of digital purchases for warranty and dispute purposes.

14.4 Product Authenticity & Warranty

To verify product authenticity and facilitate manufacturer warranty claims, we may need to share your contact details and product serial numbers with authorized distributors, manufacturers, or their local representatives.

15. COMPLIANCE WITH PAKISTANI LAW

This Privacy Policy is designed to comply with the following applicable laws, regulations, and guidelines of the Islamic Republic of Pakistan:

  • Prevention of Electronic Crimes Act, 2016 (PECA) — Governing cybercrime, unauthorized data access, and electronic fraud
  • Electronic Transactions Ordinance, 2002 (ETO) — Governing electronic contracts, transactions, and digital records
  • Pakistan Telecommunication (Re-organization) Act, 1996 — Governing telecom data and consumer protection
  • Consumer Protection Acts of various provinces (Punjab Consumer Protection Act, Sindh Consumer Protection Act, KPK Consumer Protection Act, Balochistan Consumer Protection Act)
  • Federal Board of Revenue (FBR) Regulations — Governing retention of financial and transactional records
  • State Bank of Pakistan (SBP) Regulations on Payment Systems and Electronic Fund Transfers
  • Anti-Money Laundering Act, 2010 (AML) — Governing KYC and financial crime prevention
  • Pakistan Penal Code (PPC) provisions on fraud, misrepresentation, and criminal breach of trust
  • Competition Act, 2010 — Governing fair business practices
To the extent that any provision of this Policy conflicts with mandatory applicable law, the relevant law shall prevail, but such conflict shall not affect the validity or enforceability of the remaining provisions.

16. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update, modify, or revise this Privacy Policy at any time to reflect changes in our practices, legal requirements, or business operations. When we make material changes, we will:

  • Post the updated Policy on this page with a revised ‘Last Updated’ date
  • Send an email notification to registered customers where the changes materially affect their rights
  • Display a prominent notice on our website for at least 30 days following material updates
  • Where required by law, seek your renewed consent before implementing the change

We encourage you to review this Privacy Policy periodically. Your continued use of our Services after any changes constitutes your acknowledgment and acceptance of the updated Policy.

17. DISPUTE RESOLUTION & GOVERNING LAW

17.1 Governing Law & Jurisdiction

This Privacy Policy and all matters arising from or related to it shall be governed by and construed exclusively in accordance with the laws of the Islamic Republic of Pakistan. Any disputes arising from this Policy shall be subject to the exclusive jurisdiction of the competent courts of Pakistan.

17.2 Dispute Resolution Process

In the event of any dispute, claim, or controversy arising out of or relating to this Privacy Policy or the breach, termination, enforcement, interpretation, or validity thereof:

  • Step 1 — Informal Resolution: You should first contact us at privacy@rotalgames.pk to attempt informal resolution within 30 days
  • Step 2 — Mediation: If informal resolution fails, parties agree to attempt mediation through a mutually agreed mediator
  • Step 3 — Legal Proceedings: If mediation is unsuccessful, either party may pursue claims through the competent courts of Pakistan

17.3 Limitations

Any legal action related to this Privacy Policy must be brought within two (2) years from the date the cause of action arose, to the extent permitted by applicable Pakistani law.

18. CONTACT US

For any questions, concerns, requests, or complaints regarding this Privacy Policy or our data practices, please contact our designated Privacy Team:

Contact MethodDetails
Privacy Emailprivacy@rotalgames.pk
Customer Support Emailsupport@rotalgames.pk
WhatsApp Business[Your WhatsApp Number]
Business HoursMonday to Saturday, 9:00 AM – 6:00 PM PKT
Websiterotalgames.pk
Response TimeWithin 30 calendar days for data rights requests
Physical Address (if applicable)[Your Registered Business Address, City, Pakistan]

19. CUSTOMER ACKNOWLEDGMENT & ACCEPTANCE

IMPORTANT: By using the Rotal Games website, making a purchase, creating an account, or otherwise engaging with our Services, you confirm that you have read, fully understood, and expressly agree to be bound by all terms of this Privacy Policy and any future updates made thereto in accordance with Section 16.

If you do not agree with any provision of this Privacy Policy, you must immediately discontinue use of our Services. Continued use of our Services constitutes ongoing acceptance of this Policy.

OFFICIAL DECLARATION

This Privacy Policy is an official legal document of Rotal Games. It has been prepared in good faith to protect your rights and clearly communicate our data practices. This Policy supersedes all prior privacy notices or statements issued by Rotal Games.

Authorized Signatory ____________________________ Name: ________________________ Designation: _________________ Date: June 26, 2026Official Stamp / Seal Rotal Games Gaming Consoles & Accessories Pakistan Nationwide [OFFICIAL STAMP]

Rotal Games | Privacy Policy v1.0 | Effective: June 26, 2026 | Pakistan

This document is confidential and the exclusive intellectual property of Rotal Games. Unauthorized reproduction is prohibited.