At Blockheaps, operated by SPACE ROCK GAMES LIMITED, protecting your privacy and ensuring the security of your personal data is an absolute priority. This Privacy Policy outlines how we collect, process, store, and safeguard your information when you access our website (www.blockheaps.com), register an account, or purchase our virtual digital assets.
Our operations are strictly structured to comply with the New Zealand Privacy Act 2020 and the European Union General Data Protection Regulation (GDPR).
1. Corporate Identity & Data Controller
For the purposes of applicable data protection legislation, the data controller responsible for your personal information is:
- Company Name: SPACE ROCK GAMES LIMITED
- Company Number: 8132811
- Registered Address: 2 Keridale Lane, Kerikeri 0230, New Zealand
- Contact Email: privacy@blockheaps.com (or stacking@blockheaps.com)
2. Information We Collect and Process
We adopt a principle of data minimisation, collecting only the standard, necessary personal indicators required to deliver our gaming services, secure transactions, and maintain website integrity:
- Account Registration Data: Your chosen username, registered email address, and account preferences.
- Transactional & Purchase Records: Details regarding the date of the transaction, payment status, and the specific digital assets or logic packages credited to your in-game account. (Note: We do not collect or store full credit card numbers; all payment processing is handled securely by our PCI-DSS compliant payment gateways).
- Technical & Analytical Logs: IP addresses, unique device identifiers, browser types, operating system details, and session data associated with your interaction with our gaming environment.
3. Lawful Basis and Purposes of Data Processing
We process your data under the following legitimate legal frameworks:
- Contractual Necessity: To manage your account, authenticate your login, and successfully deliver purchased digital assets instantly into your game environment.
- Legitimate Interests (Anti-Fraud & Risk Management): To monitor transactional risk, verify that payment methods are fully authorised, prevent malicious account exploitation, and mitigate chargeback or financial fraud risks in cooperation with our payment processors (e.g., Stripe).
- Legal Compliance: To maintain precise corporate accounting, tax documentation, and regulatory compliance records under New Zealand and international mandates.
4. Secure Data Sharing and Financial Intermediaries
We strictly prohibit the selling, renting, or trading of your personal data to third-party institutions for marketing or promotional purposes. Your data is only shared under secure protocols with trusted service providers critical to our operations:
- Payment Gateways: Transactional data is securely transmitted to our payment processors to validate, clear, and secure your financial transactions.
- Fraud Prevention Services: Analytical data may be cross-referenced with compliance infrastructure to identify and block high-risk or fraudulent activity.
- Legal Authorities: Information will only be disclosed if required by law, court order, or to defend our legal rights against fraudulent chargeback abuse.
5. Global Data Security & Encryption
We implement robust technical, physical, and administrative protection mechanisms to secure your data against unauthorised access, alteration, disclosure, or destruction.
- All data transmitted during registration and checkout is protected using advanced secure socket layer (SSL/TLS) encryption technology.
- Internal access to personal data is restricted exclusively to authorised personnel bound by strict confidentiality obligations.
6. Data Retention Protocols
We retain your personal data only for as long as necessary to fulfil the operational purposes outlined in this policy.
- Account Data: Retained for the active lifespan of your user account.
- Transactional Data: Financial and transaction records are legally retained for extended periods to satisfy New Zealand corporate tax laws, anti-money laundering (AML) protocols, and to provide comprehensive documentation during standard financial dispute (chargeback) eligibility windows.
7. Your Statutory Rights (GDPR & Privacy Act)
Depending on your geographical location (particularly users within the European Union, United Kingdom, or New Zealand), you possess comprehensive statutory rights regarding your personal data:
- Right of Access: You may request an official copy of the personal data we hold about you.
- Right to Rectification: You have the right to request the immediate correction of inaccurate or incomplete data.
- Right to Erasure (“Right to be Forgotten”): You may request the deletion of your personal account data, provided the data is no longer required for ongoing legal compliance, contractual execution, or active fraud prevention investigations.
- Right to Restrict or Object: You may object to or restrict specific types of data processing.
To exercise any of these privacy rights, please submit a formal request to our compliance team at stacking@blockheaps.com. We will evaluate and respond to all legitimate requests in accordance with statutory timeframes.
8. Age Restrictions
Our platform, website, and digital marketplace are strictly intended for individuals aged 18 years or older. We do not knowingly collect, solicit, or process personal data from minors. If we detect that an account has been registered by a minor without verifiable parental consent, the account and all associated data will be promptly and permanently purged from our active systems.
9. Governing Law
This Privacy Policy, along with our internal data handling practices, shall be governed by and interpreted exclusively in accordance with the laws of New Zealand. International users acknowledge that local jurisdiction rights are respected alongside the data security frameworks detailed above.