Privacy Policy
We are committed to protecting your privacy and personal data according to the highest international standards
🔒 Privacy Policy & Personal Data Protection
1. Introduction and Privacy Commitment
At The Gaming Nest ("Platform", "Website", "Application"), we deeply value your trust and are firmly and unconditionally committed to protecting your privacy and personal data while using our Platform. This Privacy and Personal Data Protection Policy ("Policy") aims to explain — with complete transparency and full clarity — how we collect, use, store, protect, and process your information.
This Policy is designed to comply with the highest international data protection standards, including but not limited to: the European Union General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), personal data protection laws in Saudi Arabia, the UAE, and Jordan, and other applicable international regulatory frameworks. We recognize that privacy is a fundamental human right, and we continuously work to develop our security procedures and operational policies to ensure the highest levels of protection for your personal information.
By using the Platform or accessing any part of its services — whether as a registered user or visitor, via any device or medium — you acknowledge that you have read and understood this Policy and consent to the data collection and processing practices described herein. If you do not agree with any part of this Policy, you must immediately cease using the Platform. This Policy constitutes an integral part of the Platform's Terms of Service and Use.
2. Definitions and Terminology
For the purposes of this Policy, the following definitions and terminology apply:
- "Personal Data": Any information relating to an identified or identifiable natural person — including name, email, IP address, device identifiers, geolocation data, or any other unique identifier.
- "Processing": Any operation or set of operations performed on personal data — whether by automated or manual means — including collection, recording, organization, storage, modification, retrieval, consultation, use, transfer, erasure, or destruction.
- "Controller" (Data Controller): The Gaming Nest as the entity that determines the purposes and means of processing personal data.
- "Processor" (Data Processor): Any third party that processes personal data on behalf of and under the instructions of the Controller.
- "Data Subject": You — the natural person to whom the personal data relates.
- "Consent": Any freely given, specific, informed, and unambiguous expression of the data subject's will — indicating acceptance of the processing of their personal data.
- "Data Breach": Any security incident resulting in unauthorized access to, loss, destruction, or disclosure of personal data — whether accidental or intentional.
- "Anonymization": An irreversible process that renders data incapable of being linked to any identified or identifiable person.
- "Pseudonymization": Processing of data in a manner that it cannot be attributed to a specific person without the use of additional information stored separately and securely.
3. Data We Collect — Complete Transparency
We collect various types of data to enable you to fully benefit from our services and improve your experience. We adhere to the principle of Data Minimization — collecting only the minimum necessary to achieve the specified purposes. Below is a comprehensive breakdown of the data we may collect:
- **Basic Account Information**: Full name, username, email address, encrypted password (we use one-way hashing algorithms — we never store passwords in plain text), country, city, preferred language, timezone, date and place of birth (optional), and professional role (developer, designer, artist, reviewer, publisher, investor, trainer, or general user).
- **Extended Profile Information**: Professional biography, technical and creative skills, specializations, years of experience, job title, current workplace, education and academic qualifications, professional certifications, awards and achievements, social media links (LinkedIn, GitHub, Twitter/X, ArtStation, Behance, etc.), professional contact information, and work availability.
- **Platform Activity Data**: Projects you create, join, or follow, project contributions, studios you create or join, competition entries (Game Jams), comments, reviews, ratings, likes, shares, published articles, galleries and albums, private message history (end-to-end encrypted), financial transaction history, subscriptions, enrolled training courses, educational progress, and employment/job application history.
- **Technical and Usage Data (Collected Automatically)**: IP address, browser type and version, operating system and version, device used (desktop, mobile, tablet) and manufacturer/model, screen resolution and density, default browser language, pages visited and visit sequence, duration of each session and page interaction time, referral source (search engine, ad, direct link, social media), click and scroll patterns (anonymized), approximate geolocation data (based on IP — we do not use GPS without your explicit permission).
- **Third-Party Login Data**: When signing in via Google, LinkedIn, or any other identity provider (OAuth), we receive: your unique account identifier with the provider, name, email, profile picture (if available). We never obtain your password from any third-party provider.
- **Uploaded Media and Files**: Profile picture, portfolio images and videos, audio files, graphics and art assets, source code, design files (PSD, Figma, Blender), demo game files, technical documents, resumes (CV/Resume), and any digital content you upload. We scan all uploaded files for malware before storage.
- **Payment and Billing Data**: When conducting financial transactions, payment data (card number, expiration date, CVV) is processed exclusively by certified secure payment gateways. We never store your bank card data on our servers. We retain only transaction records (amount, date, transaction status, last 4 digits of card) for accounting and support purposes.
- **Notification Data**: Push notification device token (Push Token), notification preferences, and sent/read notification history.
4. Legal Basis for Data Processing
We process your personal data based on one or more of the following legal bases, in accordance with the requirements of the GDPR and applicable local laws:
- **Contract Performance (Article 6(1)(b) GDPR)**: Processing data necessary for the performance of the contract between you and the Platform — including service delivery, account management, payment processing, and technical support.
- **Consent (Article 6(1)(a) GDPR)**: When you grant us explicit and informed consent to process your data for specific purposes — such as direct marketing, non-essential cookies, or survey participation. You may withdraw your consent at any time.
- **Legitimate Interest (Article 6(1)(f) GDPR)**: When processing is necessary for our legitimate interests — such as service improvement, fraud detection, platform security, conducting analytics — provided these interests do not override your fundamental rights and freedoms.
- **Legal Obligation (Article 6(1)(c) GDPR)**: When we are legally required to process data — such as tax and accounting obligations, compliance with court orders, or meeting regulatory requirements.
- **Vital Interest (Article 6(1)(d) GDPR)**: In exceptional and rare cases where processing is necessary to protect the vital interests of the data subject or another person.
- **Public Interest (Article 6(1)(e) GDPR)**: When processing is necessary for the performance of a task in the public interest.
We maintain an updated record of the legal bases used for each data processing activity, and you may inquire about the specific legal basis for any processing of your data by contacting our Data Protection Officer.
5. How We Use Information — Specific Purposes
We use your data only for the following legitimate, necessary, and specific purposes — and we do not process your data for any other purpose incompatible with these purposes without notifying you and obtaining your consent (where required):
- **Provide Core Services**: Enable you to create your personal account, authenticate and verify identity, access the Platform and use all available features, manage your profile, projects, studios, and content.
- **Personalize Experience**: Display content and projects that match your professional interests and skills, provide smart recommendations based on your activity and preferences, customize user interface according to your settings, and adapt content based on your language and timezone.
- **AI-Powered Matchmaking**: Activate AI Matchmaking system to connect talents with suitable projects, suggest potential partnerships and teams, analyze compatibility between skills and requirements, and recommend relevant job opportunities.
- **Educational and Training Services**: Manage your course enrollments, track your educational progress, issue completion certificates, and provide personalized learning recommendations.
- **Communication and Notifications**: Send important update notifications, security alerts, internal messages, administrative and transactional emails (subscription and payment confirmations), and system notifications.
- **Security and Protection**: Detect and prevent fraud and suspicious activities, manage fake accounts and violating content, enforce Platform policies, protect user and Platform rights, and monitor infrastructure integrity.
- **Analytics and Improvement**: Analyze Platform performance and user behavior (aggregated and anonymized data), improve interface design and user experience, develop new features, fix technical bugs, and measure service effectiveness.
- **Competitions and Events**: Manage your participation in competitions and Game Jams, display submitted projects, calculate results and rankings, and award prizes.
- **Employment and Talent Marketplace**: Display your professional profile to employers (according to privacy settings you choose), match your skills with available job opportunities, and manage job applications.
- **Legal Compliance**: Respond to requests from competent governmental and judicial authorities, comply with local and international legislation, protect the Platform's legal rights, and fulfill tax and accounting obligations.
- **Marketing and Promotional Communications (with your explicit consent only)**: Send newsletters about the Platform and its services, special offers and discounts, product updates and new features, and event and competition invitations. You can unsubscribe with one click at any time.
6. Data Sharing with Third Parties
We fully and absolutely respect your privacy. We will never — under any circumstances — sell, rent, trade, or barter your personal data to any external party for their own purposes. However, we may share limited and necessary data with trusted and certified partners — subject to strict data processing agreements — in the following cases only:
- **Cloud Infrastructure and Hosting Providers**: Cloud server hosting companies (such as AWS, Azure, Google Cloud) to ensure efficient, secure, and continuous Platform operation. All data is encrypted in transit and at rest.
- **Email and Communication Services**: Email service providers (SMTP, SendGrid, Mailgun) for sending notifications and administrative/transactional messages. We share only the email address and message content — without any other personal data.
- **Secure Payment Gateways**: Internationally certified payment processors (Stripe, PayPal, PCI-DSS compliant local gateways) for securely processing subscriptions and financial transactions. Payment data is processed exclusively by these gateways and is subject to their own privacy policies.
- **Analytics and Performance Tools**: Analytics services (Google Analytics 4, and similar tools) to monitor overall Platform performance and understand usage patterns. We share only aggregated and anonymized data that cannot be linked to specific individuals.
- **Push Notification Services**: Notification service providers (OneSignal, Firebase Cloud Messaging) for sending push notifications to your devices. We share only the device identifier and notification content.
- **Third-Party Login Providers**: When using OAuth (Google, LinkedIn), verification data is exchanged according to those services' privacy policies. We encourage you to review those providers' privacy policies.
- **Security and Data Protection Services**: Cybersecurity companies for threat detection, intrusion prevention, and infrastructure integrity assurance.
- **Professional Advisors**: Lawyers, auditors, and professional consultants — limited to what is necessary for legal and accounting advice.
- **Legal and Government Authorities**: In legitimate and justified cases only — when there is an explicit legal obligation, enforceable court order, or pressing legal necessity to protect the rights of the Platform, users, or the public from imminent harm.
- **Mergers and Acquisitions**: In the event of a company merger, acquisition, or asset sale, your personal data may be transferred to the new entity — with the same level of protection continuing to apply. You will be notified in advance of any such transfer.
All third parties with whom we share data are contractually bound by Data Processing Agreements (DPA) and strict confidentiality agreements (NDA), and are subject to verified high security standards. They are prohibited from using your data for any purpose other than those explicitly specified in our agreements. We conduct periodic reviews of these parties' practices to ensure ongoing compliance.
7. Data Protection and Security — Highest Standards
We implement a comprehensive, multi-layered set of technical, organizational, and administrative security measures to protect your personal data from unauthorized access, loss, modification, disclosure, or destruction. These measures include:
- **Data Encryption in Transit**: Using TLS 1.3 protocol (latest encryption standard) with strong cipher suites to secure all data transmitted between your device and our servers. All Platform communications occur exclusively over HTTPS.
- **Data Encryption at Rest**: Encrypting databases and stored files using AES-256 standard, one of the strongest globally recognized encryption standards — used by governments and financial institutions.
- **Password Hashing**: We never store passwords in plain text — we use one-way hashing algorithms with salting to ensure they cannot be reversed even if database access is obtained.
- **Firewalls and Intrusion Detection Systems**: Implementing advanced multi-layered firewalls (WAF + Network Firewall) and intrusion detection/prevention systems (IDS/IPS) for 24/7/365 monitoring of suspicious activities.
- **Two-Factor Authentication (2FA)**: Providing option to enable two-factor authentication via authenticator apps or SMS to protect your account with an additional security layer. We strongly recommend enabling it.
- **Strict Access Management (Principle of Least Privilege)**: Restricting access to sensitive data to a very limited team of authorized personnel based on the principle of least privilege, with logging and auditing of all access operations.
- **Data Isolation**: Separating sensitive personal data in separate databases with additional protection layers.
- **Regular and Secure Backups**: Performing automatic and encrypted daily data backups with storage in different geographic locations to ensure recovery in emergency and disaster situations.
- **Periodic Security Audits**: Conducting comprehensive security scans and penetration testing regularly by independent and certified cybersecurity experts.
- **Privacy by Design & Default**: Applying privacy principles in the design and development of all new features and services from inception, with privacy settings configured to the most protective mode by default.
- **Employee Training**: Regularly training all employees who handle personal data on data protection and security best practices.
- **Incident Response Plan**: Maintaining an updated and tested plan for rapid response to any potential security incidents.
8. Data Breach Notification
In the event of a security breach resulting in unauthorized access to, loss, or disclosure of personal data, we commit to the following procedures:
- **Detection and Containment**: Immediately activate the incident response plan to contain the breach and prevent its spread, with formation of a dedicated response team.
- **Assessment and Investigation**: Conduct a thorough investigation to determine the scope of the breach, affected data, root cause, and potential impact on affected users.
- **Regulatory Notification**: Notify the competent data protection authority within 72 hours of breach discovery (per GDPR Article 33), with a comprehensive report including the nature of the breach and measures taken.
- **Affected User Notification**: If the breach poses a high risk to your rights and freedoms, we will notify you directly and without undue delay via email or Platform notification — clarifying the nature of the breach, affected data, and recommended actions to protect yourself.
- **Remediation and Correction**: Implement necessary security patches, update affected systems, and develop procedures to prevent incident recurrence.
- **Documentation and Review**: Fully document the incident and conduct a comprehensive review to extract lessons learned and improve security procedures.
9. User Rights — GDPR and Full Control
Under the General Data Protection Regulation (GDPR) and applicable local laws, you enjoy extensive and comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights to the maximum extent possible:
- **Right to Access (Article 15 GDPR)**: Obtain a complete and free copy of all your personal data stored with us in a clear and readable format, with information about processing purposes and parties with whom data was shared.
- **Right to Rectification (Article 16 GDPR)**: Edit or update any inaccurate or incomplete personal information at any time — directly from your account dashboard, or by requesting correction from the support team.
- **Right to Erasure — 'Right to be Forgotten' (Article 17 GDPR)**: Request permanent deletion of your account and all your personal data from our systems. We will respond to your request within 30 days, considering any legal obligations requiring retention of limited data.
- **Right to Restrict Processing (Article 18 GDPR)**: Request temporary suspension of data processing in certain cases — such as contesting data accuracy or objecting to processing while its legitimacy is being verified.
- **Right to Data Portability (Article 20 GDPR)**: Obtain a copy of your data in a structured, commonly used, and machine-readable format (JSON, CSV, XML) to transfer to another service.
- **Right to Object (Article 21 GDPR)**: Object to processing your data for certain purposes — including direct marketing (absolute right), and processing based on legitimate interest.
- **Right to Withdraw Consent**: Easily withdraw your consent to data processing at any time — without affecting the lawfulness of processing performed prior to withdrawal.
- **Right Not to be Subject to Automated Decisions (Article 22 GDPR)**: Not to be subject to decisions based solely on automated processing — including profiling — that produce legal effects or similarly significant effects. You have the right to request human intervention in reviewing such decisions.
- **Right to Lodge a Complaint**: File a complaint with the competent local data protection authority if you believe that the processing of your data violates applicable data protection laws.
To exercise any of these rights, please contact us via: 📧 Email: info@thegamingnest.com 🌐 Contact Form: thegamingnest.com/contact-us We will respond to your request within a maximum of 30 days from the date of receiving the request. In complex cases or multiple requests, this period may be extended by an additional 60 days, with notification of the extension and its reasons. All requests are free of charge — except in cases of manifestly excessive or unfounded repetitive requests, where we may charge a reasonable administrative fee or refuse the request.
10. Data Retention — Time Policies
We adhere to the principle of Storage Limitation — we retain your personal data only for the duration necessary to achieve the purposes for which it was collected or as required by law. Below is a detailed breakdown of our retention policies:
- **Active Account Data**: We retain your personal data as long as your account is active and you use our services. Accounts inactive for more than 24 consecutive months may be notified before deletion or anonymization.
- **After Account Deletion Request**: Upon requesting account deletion, we delete or anonymize all your personal data within 30 calendar days of request confirmation. During this period, you may reverse your deletion request.
- **Financial and Accounting Records**: We retain financial transaction records for 7 years from the transaction date — in compliance with local and international tax and accounting laws.
- **Security and Audit Logs**: We retain access logs and security activity records for 12 months for fraud detection and security incident investigation purposes.
- **Consent Records**: We retain evidence of your consents (for marketing, cookies, etc.) for 5 years from the date of consent or withdrawal — as proof of legal compliance.
- **Aggregated Analytics Data**: We may retain fully aggregated and anonymized statistical data permanently for analysis, research, and service improvement purposes — such data does not constitute personal data.
- **Published Content**: Content you published publicly (projects, articles, comments) may remain visible even after account deletion if linked to other users' interactions — but will be disconnected from your personal information.
- **Backups**: Copies of your data may remain in encrypted backups for no more than 90 days after deletion, but will be removed in the next backup cycle. Data cannot be recovered from backups after deletion.
- **Legal Obligations**: We may retain limited data for longer periods if required by law, court order, or to protect the Platform's rights in existing or potential legal disputes.
11. Cookies and Similar Technologies
We use cookies and similar tracking technologies to improve your experience, operate the Platform efficiently, and provide personalized services. By continuing to use the Platform, you consent to our use of essential cookies. We request your explicit consent for non-essential types.
- **Essential Cookies**: Absolutely required for Platform operation and core functionality — login, security, CSRF protection, language preference storage, session management. Cannot be disabled as they are fundamental to Platform operation.
- **Functional Cookies**: To remember your settings and preferences such as dark/light mode, font size, content ordering, and recently visited pages. They improve your experience but are not essential for Platform operation.
- **Analytics Cookies**: To understand how visitors use the Platform — most visited pages, navigation paths, session duration, bounce rate. Only aggregated and anonymized data is used to improve performance and user experience.
- **Marketing Cookies**: To display content and advertisements relevant to your interests, measure marketing campaign effectiveness, and avoid displaying the same ad repeatedly. Activated only with your explicit consent.
- **Similar Tracking Technologies**: We may also use web beacons (tracking pixels), local storage, and session storage for purposes similar to cookies.
You can manage cookie preferences in several ways: (1) through your browser settings — you can block or delete cookies, (2) through the privacy settings in your Platform account. However, disabling essential cookies may prevent you from using the Platform normally. For more information about managing cookies, you can visit www.allaboutcookies.org.
12. Automated Decision-Making and Profiling
We may use automated systems and artificial intelligence algorithms in certain aspects of our services. We are committed to full transparency about these uses:
- **AI Matchmaking**: We use algorithms to match talents with suitable projects and opportunities based on skills, experience, and declared preferences. These recommendations are advisory and not final decisions — the final decision rests with you and project owners.
- **Content Personalization**: We use algorithms to determine the most relevant content for you based on your activity and interests. You can always browse content without personalization.
- **Violating Content Detection**: We use automated systems for preliminary detection of violating content (spam, offensive content, fake accounts). All final decisions regarding content removal or account restrictions are subject to human review.
- **Security Analysis**: We use automated systems to detect suspicious patterns and alert the security team — but no punitive actions are taken automatically without human review.
- **Your Rights Regarding Automated Decisions**: Under GDPR Article 22, you have the right to: (1) not be subject to decisions based solely on automated processing that produce legal or similarly significant effects, (2) request human intervention in reviewing any automated decision, (3) express your point of view and contest the decision.
13. Children's and Minors' Privacy Protection
We take children's and minors' privacy protection with utmost seriousness. The following provisions apply:
- The Gaming Nest is not designed or directed for children under 13 years of age. We do not knowingly or intentionally collect personal data from children under this age.
- If you are between 13 and 16 years old (or the age specified in your country's laws), you must obtain explicit and documented parental or legal guardian consent before creating an account or providing any personal data.
- If you are between 16 and 18 years old, you may use the Platform with parental notification required — and we recommend parental supervision of usage.
- If we discover — by any means — that we have collected personal data from a child under 13 without appropriate parental consent, we will delete all such data immediately and permanently.
- If you are a parent and believe your child has provided personal data to the Platform without your consent, please contact us immediately at info@thegamingnest.com and we will take necessary action.
- We are committed to the provisions of the Children's Online Privacy Protection Act (COPPA) and all similar local laws protecting minors.
14. International Data Transfer
Your personal data may be stored and processed on servers located in different countries outside your country of origin. We are committed to ensuring that all international data transfers comply with the highest protection standards:
- **Legal Transfer Mechanisms**: All international data transfers comply with approved legal mechanisms — including Standard Contractual Clauses (SCCs) approved by the European Commission, and Adequacy Decisions where available.
- **Same Level of Protection**: We ensure your data receives the same level of protection — or higher — regardless of the location of servers where it is stored or processed.
- **Data Transfer Impact Assessments**: We conduct regular Transfer Impact Assessments to verify that the legal environment in the receiving country provides adequate protection.
- **Data Processing Agreements**: All external service providers processing your data are bound by strict Data Processing Agreements (DPA) containing adequate safeguards for your data protection.
- **Current Storage Locations**: Your data may currently be stored in data centers in Europe, the Middle East, and North America — through internationally certified cloud service providers.
- You may inquire about the specific transfer mechanisms used for your data by contacting our Data Protection Officer.
15. Do Not Track Signals
Some browsers send "Do Not Track" (DNT) signals to websites. Due to the current lack of a unified industry standard on how to respond to DNT signals, the Platform does not currently respond automatically to DNT signals. However, you can control activity tracking in the following ways:
- Using your browser settings to block non-essential cookies.
- Using private browsing mode (Incognito/Private Browsing).
- Disabling analytics and marketing cookies from your account settings on the Platform.
- Installing tracking blocker extensions in your browser.
- We will update this Policy if a unified industry standard for DNT signals is adopted in the future.
16. California Residents' Rights (CCPA/CPRA)
If you are a resident of the State of California in the United States, you enjoy additional rights under the California Consumer Privacy Act (CCPA) and its amendments (CPRA):
- **Right to Know**: Know the categories and sources of personal data we collected about you, the purposes of collection, and the parties we shared it with.
- **Right to Delete**: Request deletion of your personal data — subject to certain legal exceptions.
- **Right to Correct**: Correct any inaccurate personal data we maintain about you.
- **Right to Opt-Out of Sale**: We never sell your personal data. If this changes in the future, we will provide a clear "Do Not Sell My Personal Information" option.
- **Right to Non-Discrimination**: We will not discriminate against you for exercising any of your privacy rights — we will not deny services, charge different prices, or provide a lower level of service.
- **Right to Opt-Out of Cross-Context Behavioral Advertising**: The right to opt out of sharing your data for cross-context behavioral advertising purposes.
- To exercise these rights, contact us at info@thegamingnest.com. We will verify your identity before processing the request. You may also authorize an authorized agent to submit a request on your behalf.
17. Platform Communications and Marketing
We communicate with you through various channels for specific purposes. We respect your preferences and are committed to giving you full control over the communications you receive:
- **Administrative and Transactional Emails (Cannot be unsubscribed)**: Account confirmations, security notifications, password change alerts, payment confirmations, Terms and Policy updates, maintenance notices. These are essential for service operation and cannot be unsubscribed from.
- **Platform Notifications (Customizable)**: Interaction notifications (likes, comments, follows), private messages, project updates, studio invitations, competition results. You can customize these notifications from your account settings.
- **Push Notifications — With your consent**: Instant alerts on your device. Activated only with your explicit consent and can be disabled at any time from browser or device settings.
- **Marketing and Newsletter Emails — With your explicit consent only**: Periodic newsletters, special offers, new feature announcements, event and competition invitations. Subscription is opt-in only with your explicit consent, and you can unsubscribe with one click at the bottom of any email or from your account settings.
- **Communication Frequency**: We commit to not sending excessive marketing messages. If you feel you are receiving more messages than desired, please adjust your preferences or contact us.
18. Privacy Policy Updates and Modifications
- We may update this Privacy Policy from time to time to reflect changes in our services, operational practices, technologies used, or applicable laws and regulations.
- **Notification of Material Updates**: Users will be notified of any material updates affecting their rights or how their data is processed — via registered email and a prominent notice within the Platform — at least 30 days before the changes take effect.
- **Minor Modifications**: Clarifying or formatting changes that do not affect your rights may be applied with an updated "Last Updated" date without separate notification.
- **Right to Review and Refuse**: If you disagree with material changes, you may cease using the Platform and request deletion of your account and data before the effective date of the changes.
- We encourage you to review this Policy periodically to stay informed about how we protect your information.
- The "Last Updated" date at the top and bottom of this page always indicates the current effective version of the Policy.
- The version published on the Platform's website represents the official, authoritative, and sole enforceable version.
19. Governing Law
This Policy is governed by and construed in accordance with the laws of the Hashemite Kingdom of Jordan regarding data protection and privacy. In the event of a conflict between this Policy and applicable local laws in your country of residence, the provisions most protective of your privacy shall prevail. For any dispute relating to this Policy, the competent courts in the Hashemite Kingdom of Jordan shall have exclusive jurisdiction — while preserving your right to file a complaint with the local data protection authority in your country. In the event of any conflict between the Arabic and English versions of this Policy, the Arabic version shall prevail.
20. Contact and Data Protection Officer
For privacy and data protection inquiries, exercising your rights as outlined in this Policy, reporting any privacy concerns, or filing complaints:
📧 General Email: info@thegamingnest.com 🌐 Contact Form: thegamingnest.com/contact-us 📱 Social Media: Available on all major platforms 📍 Postal Address: Amman, Hashemite Kingdom of Jordan **Data Protection Officer (DPO)**: A dedicated Data Protection Officer has been appointed to oversee the Platform's compliance with data protection laws. You can contact the DPO directly via the email above with "DPO" or "Data Protection Officer" in the subject line. **Response Times**: • General privacy inquiries: 48-72 business hours • Rights exercise requests (access, deletion, correction): 30 days maximum • Data breach reports: Immediate response within 24 hours • Formal complaints: Acknowledgment within 48 hours + detailed response within 30 days We are committed to handling all inquiries and requests with seriousness, respect, and full professionalism. Please include your account identifier and clear, accurate details in any official correspondence to expedite processing of your request. Thank you for your trust in The Gaming Nest. Protecting your privacy and personal data is our highest priority — and we are committed to transparency and accountability in everything related to processing your data.
Last Updated: April 2026
Committed to protecting your privacy and personal data in accordance with GDPR, CCPA, and local laws