Privacy Policy

Last updated: September 12, 2025

1. Data Controller

The data controller for the information you provide or that is collected by Winalia pursuant to this Privacy Policy is: Avenis SAS, 60 RUE FRANCOIS IER, 75008 PARIS, France.

2. Data We Process

Account & profile: email, username, password, date of birth/age of majority, language, preferences.

Gameplay & competitions: platform identifiers, match histories, rankings, sanctions, evidence (screenshots, links), reports.

Currency & earnings: W-Coins balance, histories (earned/spent), withdrawal requests, reward statuses.

Payments & withdrawals: amounts, statuses, transaction references, payment details held by authorized providers, identity documents where required by law (KYC/AML).

Security: IP addresses, user-agent, session/device identifiers, multi-account detection.

Support & moderation: ticket contents, attachments, timestamps, arbitration decisions.

Browsing & cookies: trackers necessary for operation; audience measurement and marketing subject to consent.

Integrations (optional): identifiers required if you connect third-party services—associated public data.

Sources: you, automatic technical collection, payment/KYC/anti-fraud providers, services you connect.

3. Purposes & Legal Bases (GDPR Art. 5)

Service delivery (account, access to Ranked/Tournaments/Skill Games, W-Coins, support): performance of a contract.

Payments, withdrawals, accounting: performance of a contract + legal obligation.

KYC/AML checks (age, anti-money-laundering): legal obligation.

Security, anti-fraud/anti-cheat, moderation: legitimate interests (competitive integrity, abuse prevention) with proportionate measures.

Product improvement & aggregated statistics: legitimate interests.

Analytics/marketing/non-essential cookies, newsletters: consent (withdrawable at any time).

4. W-Coins, Ranked, Tournaments & Withdrawals

W-Coins are an internal virtual currency (see Terms of Use). They can be earned via Ranked, Tournaments, and Skill Games and—subject to the Terms—may be withdrawn (bank transfer or PayPal) through authorized providers. Processing covers balance keeping, earnings traceability, regulatory checks, and abuse prevention.

5. Recipients & Processors

Internal access is limited to authorized personnel on a need-to-know basis. Data may be shared with:

  • Hosting / CDN / security
  • Payment and e-wallet services, withdrawal providers, and identity/KYC-AML verification providers
  • Anti-fraud / anti-cheat solutions
  • Support and ticketing tools, email/notification services
  • Audience measurement and marketing tools (activated only with your consent)

Disclosures to competent authorities may occur where required by law. In the event of a corporate transaction, transfers are made in compliance with the GDPR.

An up-to-date list of processors can be provided on request at support@winalia.gg.

6. Transfers outside the EU/EEA

Where applicable, appropriate safeguards are applied (adequacy decisions, European Commission Standard Contractual Clauses, supplementary measures). Information available on request.

7. Retention Periods (Principles)

Account & gameplay: duration of the relationship, then 3 years (evidence/limitation).

Payments & accounting records: up to 10 years (legal obligations).

KYC/AML: up to 5 years after the end of the relationship.

Tickets/support: 3 years after closure.

Security logs: up to 12 months (unless an incident requires longer).

Cookies: per category (see Cookie Policy).

8. Automated Decisions & Profiling

Ranked leaderboards: calculated from gameplay performance (transparent rules).

Fraud/anti-cheat detection: technical signals that may lead to checks, restrictions, or suspensions.

No decision producing legal effects without human intervention. You may request explanations and human review at support@winalia.gg.

9. Cookies & Trackers

Consent banner with Accept / Reject / Customize options and a Manage my cookies link in the footer.

Categories: necessary (operation/security), audience measurement, functional, marketing.

Details are provided in the dedicated Cookie Policy.

10. Security

Appropriate technical and organizational measures: encrypted communications (TLS), access controls, environment segmentation, logging and alerts, encrypted backups, data minimization, periodic audits. Notification will be made where required in the event of a data breach.

11. Communications

Service/security: necessary messages (withdrawal status, incidents) without consent.

Newsletters/offers: subject to consent; you may unsubscribe at any time.

12. Your Rights (GDPR)

Rights of access, rectification, erasure, restriction, objection, portability, and withdrawal of consent (for consent-based processing).

Request at support@winalia.gg (proof of identity may be required). Response time: 1 month (extendable by 2 months).

You may lodge a complaint with your supervisory authority (in France: CNIL).

13. Integrations & Third-Party Links

If you connect third-party services, we receive only the information strictly necessary for the integration. Those services apply their own privacy policies; please check their settings.

14. Moderation & Competitive Integrity

To ensure a fair and safe environment, we process reports (cheating, scams, risky behavior) and analyze technical signals. Graduated measures may apply (warnings, suspensions, cancellation of fraudulent winnings), with avenues of recourse via support.

15. Changes to this Policy

We may update this policy. The "Last Updated" date will be adjusted and, where necessary, a notice displayed. Continued use of the service constitutes acceptance of the revised version.

GDPR Contact

Winalia – Data Protection Service
support@winalia.gg — 60 RUE FRANCOIS IER, 75008 PARIS, France