PRIVACY POLICY

Last updated: March 2, 2026

1. INTRODUCTION

This Privacy Policy describes how QUESTEE LTD, Registration number: 17080073, Legal address: Crown House, 27 Old Gloucester Street, London, United Kingdom, WC1N 3AX the operator of https://dota2leader.com (“we”, “us”, “our”, or the “Company”), collects, processes, stores, and safeguards personal data when you visit or use our Platform and related services.

We are committed to processing personal data lawfully, fairly, and transparently, in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Policy explains what personal data we collect, why we collect it, how it is used, and what rights you have in relation to your information.

By accessing or using dota2leader.com, you confirm that you have read and understood this Privacy Policy.

2. SCOPE AND APPLICATION OF THIS PRIVACY POLICY

This Privacy Policy applies to all personal data processed in connection with your access to and use of https://dota2leader.com, including any services, tools, features, or functionality made available through the Platform.

It covers personal data processed in the context of, including but not limited to:

  • your interaction with the website, such as browsing pages, viewing available digital items, and engaging with Platform content;
  • the creation and management of user accounts through Steam authentication, including the use of publicly available Steam profile information (such as Steam ID, username, and avatar) to enable account setup and digital item delivery, as well as additional information you provide, such as your email address, for communication, security, and account management purposes;
  • the purchase of digital cosmetic items (“skins”) offered directly by the Platform, including the processing of payments through authorised payment providers, order confirmation, and delivery of digital content via Steam trade mechanisms;
  • the use of internal balance features, where available, including optional account funding and withdrawal of unused funds, subject to fraud prevention, identity verification, and compliance controls;
  • communications with our support team, including enquiries submitted by email, handling of complaints, dispute resolution, and related correspondence;
  • payment-related and compliance activities, including transaction monitoring, fraud prevention, cooperation with payment service providers, and compliance with legal or regulatory obligations.

This Privacy Policy applies irrespective of the device, browser, or technology used to access the Platform.

This document forms part of our wider contractual framework and should be read together with our Terms & Conditions and Refund Policy, which explain the nature of our services and the legal relationship between you and the Company.

In the event of any inconsistency between this Privacy Policy and other contractual documents, applicable data protection legislation shall take precedence.

3. ELIGIBILITY AND AGE RESTRICTIONS

The services available on dota2leader.com are intended solely for individuals who are at least 18 years of age.

By accessing or using the Platform, you confirm that you are 18 years old or over and that you have the legal capacity to enter into binding agreements under the laws applicable to you.

The Platform, including account access via Steam authentication and the purchase of digital cosmetic items, is not directed at children or individuals under the age of 18. We do not knowingly collect or process personal data relating to minors.

If we become aware, or have reasonable grounds to believe, that personal data has been provided by or relates to a person under 18, we will take appropriate action. This may include deleting the relevant data, suspending or terminating the associated account, and implementing additional safeguards where necessary.

This section does not limit any obligations we may have under applicable UK data protection legislation or child protection laws, and we will comply with any additional legal requirements that may arise in relation to the protection of minors.

4. INFORMATION WE COLLECT

In the course of operating dota2leader.com, we collect certain categories of personal data depending on how you interact with the Platform.

4.1 Information Collected Automatically

When you access or browse the Platform, certain technical and usage-related information is collected automatically. This may include:

  • your IP address and a general indication of your geographic location (for example, country or region level);
  • device-related information, such as device type, operating system, and browser type;
  • technical usage data, including pages visited, time spent on the Platform, navigation paths, and interaction patterns.

This information is used to ensure the proper functioning of the Platform, enhance security, monitor performance, prevent misuse, and improve overall user experience.

4.2 Account and Steam Information

When you create an account using Steam authentication, we receive certain publicly available profile information from Steam. This may include:

  • your Steam ID;
  • your Steam display name and avatar;
  • publicly accessible inventory information, where relevant to enable the delivery of purchased skins.

In addition, we collect and store information directly associated with your Platform account, including:

  • your email address, which is required for account-related communications, security notifications, and transaction confirmations;
  • records of account activity, such as purchases made, internal balance transactions, withdrawal requests, and delivery status.

This information allows us to manage your account, provide purchased digital content, and maintain accurate transaction records.

4.3 Payment and Transaction Information

Payments made on dota2leader.com are processed by authorised third-party payment service providers.

We do not collect or retain full card numbers, CVV/CVC codes, or other sensitive payment credentials.

However, we may receive limited transactional data necessary to administer purchases and maintain financial records. This may include:

  • confirmation of payment success or failure;
  • transaction reference numbers;
  • the type of payment method used;
  • billing address information, where required for fraud prevention or compliance purposes.

This information is used strictly for operational, accounting, fraud prevention, and regulatory compliance purposes.

4.4 Identity Verification Information (Where Required)

In certain situations, such as where required for fraud prevention, compliance checks, or withdrawal of unused balance, we may request additional identity verification information. This may include:

  • your full legal name;
  • identification document details;
  • proof of address;
  • limited verification relating to the payment method used.

Verification procedures may be carried out directly by us or through trusted third-party service providers acting on our behalf.

We only request such information where it is necessary and proportionate for legal, regulatory, or security purposes.

4.5 Communications and Support Information

If you contact us for support, make an enquiry, or raise a complaint, we will process the information you provide.

This may include:

  • your email address;
  • the content of your message or support request;
  • correspondence history and related account information necessary to respond effectively.

This information is used solely to handle enquiries, resolve issues, and maintain service quality.

5. PURPOSES OF PROCESSING AND LEGAL GROUNDS

We process personal data only where we have a valid legal basis under the UK General Data Protection Regulation (UK GDPR) and only where such processing is necessary for operating dota2leader.com and providing our services.

Depending on the circumstances, your personal data may be processed on one or more of the following legal grounds:

5.1 Performance of a Contract

We process personal data where it is necessary to perform a contract with you or to take steps at your request before entering into a contract.

This includes processing required to:

  • create and administer your user Account through Steam authentication;
  • provide access to the Platform and its essential functionality;
  • process purchases of digital cosmetic items (“skins”);
  • deliver digital content via Steam trade mechanisms;
  • manage your internal balance, including top-ups and withdrawals.

If we did not process this information, we would not be able to supply the services you have requested.

5.2 Legitimate Interests

We may process personal data where such processing is necessary for our legitimate business interests, provided that those interests do not override your fundamental rights and freedoms.

Our legitimate interests may include:

  • ensuring the security, stability, and proper operation of the Platform;
  • detecting, preventing, and investigating fraud, chargeback abuse, or unauthorised access;
  • monitoring technical performance and improving usability and functionality;
  • responding to enquiries, handling complaints, and resolving disputes;
  • enforcing our Terms & Conditions.

Where we rely on legitimate interests, we conduct an appropriate balancing assessment to ensure that our processing remains proportionate and respects your privacy rights.

5.3 Compliance with Legal Obligations

We process personal data where necessary to comply with legal or regulatory requirements.

This may include obligations relating to:

  • accounting and financial record-keeping;
  • fraud prevention and transaction monitoring;
  • identity verification where required;
  • responding to lawful requests from courts, regulators, or law enforcement authorities.

Where processing is required by law, we will retain and disclose information only to the extent necessary to meet those obligations.

5.4 Consent

In limited circumstances, we rely on your consent as the legal basis for processing.

This may apply, for example:

  • where you choose to receive optional communications;
  • where non-essential cookies or similar tracking technologies are used.

Where processing is based on consent, you may withdraw your consent at any time. Withdrawal will not affect the lawfulness of processing carried out before consent was withdrawn.

Details on how to manage or withdraw consent are provided within the relevant sections of this Privacy Policy and through the Platform’s cookie management tools.

6. COOKIES AND SIMILAR TECHNOLOGIES

6.1 What Are Cookies

The Platform uses cookies and similar tracking technologies to ensure proper functionality, improve performance, and enhance user experience.

Cookies are small text files stored on your device (such as a computer, smartphone, or tablet) when you visit a website. They allow the website to recognise your device, maintain secure sessions, remember preferences, and analyse usage patterns.

For the purposes of this Privacy Policy, the term “cookies” also includes similar technologies such as pixels, web beacons, tags, and device identifiers.

Cookies may be:

  • First-party cookies, placed directly by dota2leader.com;
  • Third-party cookies, placed by service providers supporting security, analytics, infrastructure, or customer support functionality.

Any personal data collected through cookies is processed in accordance with this Privacy Policy and applicable UK data protection laws.

6.2 Legal Basis for Using Cookies

We use cookies on the following legal grounds:

  • Strictly necessary cookies are used on the basis of legitimate interest and contractual necessity, as they are essential for providing core Platform functionality.
  • Preference and analytics cookies are used only where you have provided your consent, unless otherwise permitted under applicable law.

You may withdraw or modify your consent at any time through the cookie management tools available on the Platform or via your browser settings.

6.3 Categories of Cookies Used

We use the following categories of cookies:

(a) Strictly Necessary Cookies

These cookies are essential for the secure and proper operation of the Platform. Without them, core functionality would not be available.

They are used for purposes such as:

  • maintaining secure login sessions via Steam authentication;
  • protecting against fraud and malicious activity;
  • ensuring technical stability and security (including infrastructure-level protection tools such as Cloudflare);
  • enabling access to secure areas of the Platform.

These cookies do not require consent.

(b) Preference Cookies

These cookies allow the Platform to remember certain choices you make, such as display or interface preferences, in order to provide a more personalised experience.

They are optional and activated only where consent is provided.

(c) Analytics Cookies

Analytics cookies help us understand how Users interact with the Platform, including general traffic patterns, feature usage, and performance metrics.

This information is typically collected in aggregated or anonymised form and is used to improve usability, functionality, and overall service quality.

We may use trusted third-party analytics tools that operate under their own privacy standards.

(d) Third-Party Service Cookies

Certain cookies may be placed by third-party providers that support essential Platform operations, including:

  • Steam (authentication and item delivery);
  • infrastructure and security providers;
  • customer support or communication tools.

These providers may apply their own retention periods and processing practices in accordance with their respective privacy policies.

6.4 Managing Your Cookie Preferences

When you first access the Platform, you are presented with a cookie banner allowing you to:

  • accept all cookies;
  • reject non-essential cookies;
  • customise your preferences.

You may update your choices at any time via the cookie settings tool (where available) or through your browser configuration.

Please note that disabling strictly necessary cookies may affect the security and functionality of the Platform.

6.5 Retention of Cookies

Cookies may be stored for different durations depending on their purpose:

  • Session cookies are deleted when you close your browser;
  • Persistent cookies remain stored for a defined period or until manually deleted.

We ensure that cookie retention periods are limited to what is reasonably necessary for their intended purpose and in accordance with applicable law.

6.6 Updates

We may update this section from time to time to reflect changes in legal requirements, technology, or Platform operations. Any updates will be published within this Privacy Policy.

7. DISCLOSURE OF PERSONAL DATA

We may share personal data with carefully selected third parties where such disclosure is necessary for the operation of dota2leader.com, the provision of services, compliance with legal obligations, or the protection of the Platform and its Users.

Personal data is shared only to the extent reasonably required and subject to appropriate safeguards.

7.1 Service Providers

We may disclose personal data to trusted service providers who support our operations, including:

  • Payment service providers, who securely process payments, balance top-ups, withdrawals, and related financial transactions;
  • Identity verification and compliance partners, where verification checks are required for fraud prevention, regulatory compliance, or withdrawal processing;
  • IT, infrastructure, hosting, and security providers, who assist in maintaining Platform stability, system performance, data storage, and protection against cyber threats;
  • Customer support and technical service providers, where necessary to resolve user enquiries or operational issues.

Such providers act on our behalf or independently in accordance with their legal obligations and are authorised to process personal data only where necessary to perform their designated functions.

7.2 Legal and Regulatory Disclosures

We may disclose personal data where required to do so by law or where disclosure is necessary to:

  • comply with statutory or regulatory obligations;
  • respond to lawful requests from courts, regulators, or law enforcement authorities;
  • protect the rights, property, or safety of the Company, Users, or third parties;
  • investigate suspected unlawful activity, fraud, or misuse of the Platform.

Any such disclosure will be limited to what is legally required or proportionate in the circumstances.

7.3 No Sale of Personal Data

We do not sell, rent, trade, or otherwise monetise personal data for marketing or unrelated commercial purposes.

7.4 Safeguards and Contractual Protections

Where personal data is shared with third-party service providers, we ensure that appropriate legal and technical safeguards are in place. This may include:

  • contractual data processing agreements;
  • confidentiality obligations;
  • implementation of appropriate technical and organisational security measures;
  • compliance with the UK GDPR, the Data Protection Act 2018, and other applicable data protection legislation.

We take reasonable steps to ensure that any third party handling personal data does so lawfully, securely, and in a manner consistent with this Privacy Policy.

8. INTERNATIONAL TRANSFERS OF PERSONAL DATA

In certain circumstances, personal data may be transferred to, stored in, or accessed from countries outside the United Kingdom.

Where this occurs, we ensure that such transfers are carried out in full compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

8.1 Safeguards for International Transfers

When personal data is transferred internationally, we implement appropriate legal and technical safeguards designed to ensure that an equivalent level of data protection is maintained.

Depending on the circumstances, these safeguards may include:

  • reliance on a UK adequacy regulation where the UK Government has determined that the destination country provides an adequate level of data protection;
  • the use of UK-approved transfer mechanisms, such as International Data Transfer Agreements (IDTAs) or the UK Addendum to the EU Standard Contractual Clauses, as recognised by the Information Commissioner’s Office (ICO);
  • additional contractual, organisational, and technical protections, including data minimisation practices, encryption measures, and restricted access controls.

9. DATA RETENTION

We retain personal data only for as long as it is reasonably necessary for the purposes for which it was collected and processed, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Personal data may be retained for the following reasons:

  • to provide and administer the Platform, including account management, processing purchases of digital content, delivery of skins via Steam, and handling customer support requests;
  • to comply with statutory, regulatory, tax, accounting, and anti-fraud obligations;
  • to resolve disputes, respond to complaints, enforce our Terms & Conditions, and protect the rights, safety, and integrity of the Platform;
  • to investigate and prevent fraud, chargeback abuse, or other misuse of the services.

9.1 Determining Retention Periods

The length of time we retain personal data depends on several factors, including:

  • the nature and sensitivity of the personal data;
  • the purpose for which the data was collected;
  • applicable statutory or regulatory retention requirements;
  • the potential risk of disputes, chargebacks, or fraudulent activity;
  • the need to safeguard legal claims or defend against potential liability.

Where legal or regulatory requirements impose specific retention periods (for example, in relation to financial records), we retain data in accordance with those obligations.

9.2 Deletion and Anonymisation

Once personal data is no longer required for the purposes for which it was processed, and there is no legal basis for continued retention, it is securely deleted or irreversibly anonymised.

Identity verification and compliance-related information, where collected, is retained only for as long as necessary to meet legal, regulatory, or fraud-prevention requirements. Following expiry of the relevant retention period, such data is securely erased or anonymised in a manner that prevents re-identification.

10. YOUR DATA PROTECTION RIGHTS

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you are granted a number of rights in respect of your personal data. These rights are intended to provide transparency, accountability, and control over how your information is handled.

Below is an overview of your key rights.

10.1 Right of Access

You have the right to request confirmation as to whether we process your personal data. If we do, you are entitled to receive a copy of that data, along with supplementary information explaining how and why it is processed.

10.2 Right to Rectification

You may request that we correct any personal data that is inaccurate or incomplete. If information held about you is outdated or incorrect, we will update it without undue delay.

10.3 Right to Erasure

In certain circumstances, you may request that we delete your personal data. This right may apply, for example, where:

  • the data is no longer required for the purpose for which it was collected;
  • processing is based on your consent and you withdraw that consent;
  • you object to processing and there are no overriding legitimate grounds to continue;
  • the data has been processed unlawfully.

This right is not absolute. We may retain certain information where required by law or where retention is necessary for the establishment, exercise, or defence of legal claims.

10.4 Right to Restrict Processing

You may request that we temporarily limit the processing of your personal data in specific situations, such as:

  • where you contest the accuracy of the data;
  • where processing is unlawful but you prefer restriction rather than deletion;
  • where we no longer need the data but you require it for legal claims.

During a restriction period, we will store the data but not process it further unless permitted by law.

10.5 Right to Object

You have the right to object to the processing of your personal data where it is based on our legitimate interests.

If you object, we will assess whether we have compelling legitimate grounds to continue processing that override your interests and rights.

You also have the right to object to processing for direct marketing purposes, where applicable.

10.6 Right to Data Portability

Where processing is based on your consent or on the performance of a contract and carried out by automated means, you may request to receive your personal data in a structured, commonly used, and machine-readable format.

Where technically feasible, you may also request that such data be transmitted directly to another controller.

10.7 Right to Withdraw Consent

Where we rely on your consent as the legal basis for processing, you may withdraw that consent at any time. Withdrawal will not affect the lawfulness of any processing carried out prior to the withdrawal.

10.8 Right to Lodge a Complaint

If you believe that your data protection rights have been infringed, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

You can find further information on the ICO’s website at:

https://ico.org.uk

10.9 How to Exercise Your Rights

To exercise any of the rights described above, please contact us at:

[email protected]

For security reasons, we may request additional information to verify your identity before responding to your request.

We will respond within the time limits required under applicable data protection law.

11. AUTOMATED PROCESSING AND DECISION-MAKING

We do not engage in automated decision-making or profiling that produces legal effects or similarly significant consequences for Users within the meaning of Article 22 of the UK General Data Protection Regulation (UK GDPR).

The Platform may use automated systems for operational purposes, including:

  • fraud detection and risk monitoring;
  • security analysis and abuse prevention;
  • technical performance optimisation;
  • transaction validation and system integrity checks.

Such automated processes are designed to support the safe and efficient operation of the Platform and do not result in decisions that materially affect your legal rights or otherwise have comparable significant impact without appropriate human oversight.

Where automated tools contribute to internal risk assessments or compliance reviews (for example, in cases of suspected fraud or unusual transaction patterns), any resulting restrictive measures are subject to review and are not based solely on automated processing.

We maintain appropriate safeguards to ensure that automated systems operate fairly, proportionately, and in compliance with applicable data protection legislation.

12. DATA SECURITY

We take the protection of personal data seriously and implement appropriate technical and organisational measures to safeguard it against unauthorised access, accidental loss, unlawful disclosure, alteration, or destruction.

Our security framework is designed in accordance with the requirements of the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and recognised industry standards.

12.1 Technical Safeguards

Our protective measures include, among other things:

  • Encryption of data in transit, using secure communication protocols (such as SSL/TLS), to ensure that personal data transmitted between Users and the Platform is protected against interception;
  • Access control systems, restricting access to personal data strictly to authorised personnel who require such access for legitimate operational purposes;
  • Authentication and account-level protections, including secure login mechanisms and session management procedures;
  • Ongoing system monitoring, logging, and threat detection processes designed to identify and respond to suspicious or unauthorised activity;
  • Secure payment infrastructure, whereby payment information is processed exclusively by authorised third-party payment service providers operating under recognised security standards, including PCI DSS compliance where applicable.

12.2 Organisational Measures

In addition to technical safeguards, we maintain internal procedures and governance measures, including:

  • defined access policies and data handling protocols;
  • periodic security reviews and system updates;
  • risk assessments addressing emerging vulnerabilities;
  • contractual safeguards with third-party service providers to ensure appropriate data protection standards are maintained.

12.3 Limitation of Absolute Security

While we implement reasonable and proportionate measures to protect personal data, no method of transmission over the internet or electronic storage system can be guaranteed to be entirely secure.

Accordingly, although we strive to protect personal data using appropriate safeguards, we cannot provide an absolute guarantee of security. Our commitment is to maintain a level of protection appropriate to the nature of the data and the risks involved.

13. CHANGES TO THIS PRIVACY POLICY

We may revise or update this Privacy Policy from time to time to reflect changes in applicable laws, regulatory requirements, operational practices, or the functionality of the Platform.

Where updates materially affect how we process personal data or impact your rights, we will take reasonable steps to inform you. Such notification may include:

  • publishing a prominent notice on the Platform;
  • updating the “Last Updated” date within this Privacy Policy;
  • sending a notification to the email address associated with your Account, where appropriate.

Minor or purely editorial amendments may be made without individual notice.

The updated version of this Privacy Policy will take effect from the date specified in the revised document. Your continued use of dota2leader.com after the updated version becomes effective will constitute acknowledgement of the revised terms.

If you do not agree with any changes, you should discontinue use of the Platform and may request closure of your Account in accordance with applicable Terms of Use