Privacy Policy
Information on personal data processing under GDPR for the WoW Trade Hub website
This Privacy Policy describes how personal data of WoW Trade Hub website users is processed in accordance with Regulation (EU) 2016/679 (GDPR), Czech Act No. 110/2019 on personal data processing, and related European Union legal regulations.
1. Data Controller
The data controller is the WoW Trade Hub website operator:
| Name | Boris Peska |
| Registered address | Polni 1001/6, 664 91 Ivancice, Czech Republic |
| Business ID | 72305924 |
| support@wowtradehub.com | |
| Register | The operator is registered in the Czech Trade Register. |
The controller has not appointed a Data Protection Officer, as this obligation does not apply under GDPR.
2. What Personal Data We Process
In connection with website operation and its features, we may process in particular the following personal data:
- email address,
- username, nickname, or other account identifier,
- IP address and other technical data (device type, browser, operating system, language settings),
- data about user activity on the website (for example sign-in, account actions, settings),
- data stored via cookies, localStorage, or similar technologies,
- information about completed payments (as described in section 9 - without access to payment card data).
We do not process special categories of personal data (sensitive data).
3. Purposes and Legal Bases of Processing
We process personal data only to the necessary extent and for the following purposes:
| Processing Purpose | Legal Basis |
|---|---|
| Creation and management of user account, sign-in, website features | Art. 6(1)(b) GDPR - performance of a contract |
| Website security, abuse prevention, technical logs | Art. 6(1)(f) GDPR - legitimate interest |
| Processing payments for digital services (Premium) | Art. 6(1)(b) GDPR - performance of a contract |
| Traffic and performance measurement (for example Google Analytics) | Art. 6(1)(a) GDPR - consent (if required) |
| Displaying ads through Google (for example AdSense) | Art. 6(1)(a) GDPR - consent (if required) |
| Storage and management of cookie and ad/analytics preferences (Cookiebot) | Art. 6(1)(a) GDPR - consent; consent evidence: Art. 6(1)(f) GDPR - legitimate interest |
| Compliance with legal obligations (accounting, tax obligations) | Art. 6(1)(c) GDPR |
Advertising and analytics technologies are used only after consent is granted where required by law. Consent can be withdrawn at any time in Cookie Settings.
4. Cookies and Similar Technologies
The website uses cookies and similar technologies for:
- ensuring core website functionality,
- storing user settings,
- displaying ads, including personalized ads (only with consent where required),
- measuring and optimizing website traffic (only with consent where required).
Detailed information on cookie types, purposes, and management options is available on the Cookie Policy page and in Cookie Settings.
Consent management on the website is implemented through Cookiebot by Usercentrics CMP with IAB TCF and Google Consent Mode v2 support.
5. Recipients of Personal Data
Personal data may be disclosed to these recipient categories:
- hosting, server, and technical infrastructure providers,
- CMP provider for consent management (Cookiebot by Usercentrics),
- analytics and advertising technology providers (especially Google),
- Stripe payment gateway provider.
Personal data is not sold or shared with third parties for their own marketing purposes outside granted consent.
6. Google AdSense and Google Advertising Services
Ads may be displayed on the website through services of Google Ireland Limited.
Google may use cookies, device identifiers, and similar technologies to display:
- non-personalized ads, or
- personalized ads (if user consent is granted where required).
Within its advertising services, Google may act as an independent data controller and processing is governed by its own privacy policy.
Users can modify or withdraw consent at any time through Cookie Settings on this website.
7. Transfer of Personal Data to Third Countries
In connection with Google, Cookiebot/Usercentrics, and Stripe services, personal data may be transferred outside the European Union or European Economic Area.
Such transfers are based on appropriate safeguards, in particular:
- standard contractual clauses approved by the European Commission,
- adequacy decisions where applicable,
- other technical and organizational safeguards.
8. Personal Data Retention Period
We retain personal data only for the necessary period:
- user account data - for account lifetime; after account closure, some data may be retained as necessary to protect rights and legitimate interests,
- technical and security logs - usually 30 to 180 days (depending on log type and purpose),
- payment and accounting data - according to legal accounting and tax obligations (typically years),
- consent records - for consent validity period and a reasonable period to prove consent.
9. Stripe Payment Gateway
Payments for digital services (for example Premium features) are processed through Stripe.
The website operator:
- has no access to payment card details,
- does not store card numbers or other sensitive payment data,
- receives only payment result information (for example successful/failed, transaction identifier).
Depending on processing type, Stripe may act as an independent controller and/or processor under its terms and privacy policy.
10. Profiling and Personalized Advertising
When consent is granted, automated personal data processing (profiling) may be used to display more relevant ads.
This processing:
- is not used for legally significant decisions under Art. 22 GDPR,
- is performed only based on consent (if required),
- can be refused or withdrawn at any time in Cookie Settings.
11. Security of Personal Data
The controller has adopted appropriate technical and organizational measures to protect personal data, especially secure data transfer (HTTPS), access control, security event logging, and regular system updates. Specific measures are chosen with regard to processing nature and risk.
12. Children and Minors
The website is not primarily intended for children. If consent is required for specific processing and the user is under 16, consent from a legal guardian is required.
13. Data Subject Rights
Under GDPR, you have in particular these rights:
- right of access to personal data,
- right to rectify inaccurate or incomplete data,
- right to erasure of personal data,
- right to restrict processing,
- right to data portability,
- right to object to processing,
- right to withdraw granted consent at any time.
Withdrawal of consent does not affect legality of processing performed before withdrawal. To exercise your rights, contact us at the listed email.
14. Supervisory Authority
If you believe personal data processing violates legal regulations, you have the right to file a complaint with the supervisory authority:
| Authority | Office for Personal Data Protection |
| Address | Pplk. Sochora 27, 170 00 Prague 7, Czech Republic |
15. Final Provisions
This Privacy Policy is valid and effective from the date of publication.
The operator reserves the right to update it at any time in response to legal changes or website operation changes.
Last update: February 14, 2026