Privacy Policy

Effective Date: April 22, 2026

Last Updated: April 26, 2026

Last Reviewed: April 26, 2026

Quick Summary (TL;DR)

GPDS Game Shop is a Philippine digital top-up service founded in 2018 that sells discounted in-game currency, vouchers, and digital products for Mobile Legends, Honor of Kings, Genshin Impact, Valorant, Call of Duty Mobile, Ragnarok titles, and other popular games. This Privacy Policy explains, in plain language, what personal data we collect, why we collect it, how long we keep it, who we share it with, and the rights you have under the Philippines Data Privacy Act of 2012.

In short, GPDS Game Shop collects only the data needed to deliver your order. GPDS Game Shop does not sell your personal data to any third party. We do not store full credit card numbers, CVVs, or your game account passwords. You have legal rights over your data, and we provide a simple way to exercise them. If you have any questions after reading this policy, contact our support team at [email protected] or use the channels in Section 16.

Table of Contents

1. Introduction and Scope
2. Who We Are
3. Information We Collect
4. How We Use Your Information
5. Cookies and Tracking Technologies
6. Sharing and Disclosure of Information
7. International Data Transfers
8. Data Retention
9. Data Security
10. Data Breach Notification
11. Your Rights as a Data Subject
12. Children and Minors
13. Marketing Communications
14. Third-Party Links and Services
15. Updates to This Privacy Policy
16. Contact Information
17. Consent and Acknowledgment

1. Introduction and Scope

GPDS Game Shop ("GPDS," "we," "our," or "us") is a Philippine-based online platform operating at https://gpdsgameshop.com. GPDS Game Shop provides discounted game top-ups, in-game currency, digital vouchers, and gift cards for popular titles including Mobile Legends: Bang Bang (MLBB), Honor of Kings (HoK), Genshin Impact, Valorant, Call of Duty Mobile, Ragnarok titles, and other mobile and PC games.

We respect your privacy and are committed to protecting your personal data in accordance with the Philippines Data Privacy Act of 2012 (Republic Act No. 10173), its Implementing Rules and Regulations, and the issuances of the National Privacy Commission of the Philippines.

This Privacy Policy applies to all visitors, registered users, customers, resellers, and partners who interact with GPDS Game Shop through our website at gpdsgameshop.com and any subdomains, our mobile application when launched, our official social media channels (Facebook, Telegram, WhatsApp, LinkedIn), our email, chat, and customer support communications, and any partnership, reseller, or affiliate program we operate.

By accessing or using our services, you confirm that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree, please do not use our website or services.

2. Who We Are

GPDS Game Shop is a Philippine digital top-up service founded in 2018 by Angelo "bhadzki" Leoncio. We serve solo gamers, ranked players, streamers, and resellers across the Philippines, offering discounted in-game currency and digital vouchers through local payment methods including GCash, Maya, GrabPay, and QRPH.

For inquiries, you may reach us through our website at https://gpdsgameshop.com, by email at [email protected], or directly through our owner at [email protected].

3. Information We Collect

We collect only the data needed to operate our top-up service, fulfill your orders, and comply with our legal obligations. The categories below describe what we collect and why.

3.1 Account and Identity Information

When you register an account or place an order, we may collect your full name, email address, mobile or contact number, username, securely hashed password (we never store passwords in plain text), date of birth where required to confirm you meet our minimum age, and an optional profile photo or avatar.

3.2 Transaction and Billing Information

To process your top-ups, vouchers, and digital purchases, we process your order ID and timestamp, the product or service you purchased (such as MLBB Diamonds, HoK Tokens, or Genshin Crystals), the amount paid and currency, the payment method used (GCash, Maya, GrabPay, QRPH, Visa or Mastercard, PayPal, Wise, USDT, and others), your billing name and address where required by the payment provider, any proof of payment screenshots you voluntarily submit, and refund or dispute records.

GPDS Game Shop does not store full credit or debit card numbers, CVV or CVC codes, OTPs, or full bank account numbers. These are handled directly by our PCI-DSS compliant payment processors and never reach our servers.

3.3 Game Account Information

To deliver in-game credits and digital items, we may need your Game User ID (UID) and Server or Zone ID, your in-game character name where applicable, your email or login identifier for "via login" top-up products, and temporary login credentials, but only for products that require account-based delivery (such as certain Ragnarok or Lord Nine top-ups).

Critical safeguards for login-based top-ups: Where credentials are necessary, they are collected only for the duration of the specific top-up, transmitted over encrypted channels, used only by authorized fulfillment staff, and purged from our systems within 24 hours of order completion. We strongly encourage you to change your game account password after any login-based top-up. We will never ask for OTPs or two-factor codes outside of the active fulfillment of an order you placed.

3.4 Technical and Device Data

When you visit our site, we automatically collect standard log information including your IP address (truncated where feasible), browser type, version, and language, device type, model, and operating system, screen resolution and timezone, referring URL and exit pages, pages viewed, click events, and time spent, and crash logs and error reports.

3.5 Communications Data

When you contact us through email, live chat, WhatsApp, Facebook, Telegram, or our support form, we keep a record of the conversation, the channel used, and any attachments you send so we can resolve your concern and improve our service.

3.6 Marketing and Preference Data

If you opt in, we may collect your communication preferences, the campaigns you respond to, and basic engagement metrics such as opens and clicks. You can opt out at any time as described in Section 13.

3.7 Sensitive Personal Information

We do not intentionally collect sensitive personal information as defined under RA 10173, such as race, religion, health, genetic data, sexual life, or government-issued identifier numbers, unless you voluntarily provide it for a specific verified purpose (for example, identity verification on a high-value dispute). Where collected, it is processed under stricter safeguards and access controls.

4. How We Use Your Information

Under RA 10173, we may process your personal data only when at least one lawful basis applies. Our processing falls under the following purposes and lawful bases.

We use your data under the contractual basis (Section 12(b) of RA 10173) to create and manage your GPDS account, process your top-up, voucher, or digital order, provide customer support and dispute resolution, and send order confirmations and transactional emails.

We use your data under legitimate interest (Section 12(f)) to verify payments and prevent fraud, analyze site usage to improve performance, and defend or assert legal claims.

We use your data under legal obligation (Section 12(c)) to comply with tax, accounting, and anti-money-laundering requirements.

We use your data under consent (Section 12(a)) to send marketing emails, SMS, or push notifications, and to personalize content and offers.

You may withdraw consent at any time for purposes that rely on consent. Withdrawal does not affect the lawfulness of processing that occurred before the withdrawal.

5. Cookies and Tracking Technologies

We use cookies and similar technologies (pixels, local storage, SDKs) to operate the website, remember your preferences, analyze usage, and run advertising.

We use four categories of cookies. Strictly necessary cookies support login sessions, your shopping cart, and basic security; these do not require consent because they are essential to the service. Functional cookies remember your language, currency (PHP), and saved preferences. Analytics cookies such as Google Analytics 4 measure traffic, page performance, and A/B tests. Marketing and advertising cookies including Meta Pixel, Google Ads, and TikTok Pixel support retargeting and campaign measurement. The functional, analytics, and marketing categories all require your consent.

You can manage non-essential cookies through our cookie consent banner, which appears on your first visit and is accessible at any time via the "Cookie Preferences" link in our footer. You may also disable cookies through your browser settings, although doing so may affect site functionality. For full details see our Cookies Policy.

6. Sharing and Disclosure of Information

GPDS Game Shop does not sell your personal data to any third party. We share information only with the categories of recipients below, and only to the extent necessary.

To process payments, we share required data such as your name, the amount, and the transaction reference with our payment partners. These include GCash (Mynt – Globe Fintech Innovations, Inc.), Maya (PayMaya Philippines, Inc.), GrabPay, QRPH-participating banks, Visa, Mastercard, and acquiring banks, PayPal, Wise, and licensed USDT or cryptocurrency processors.

To deliver in-game credits, we share your UID, Server ID, and order details with authorized game publishers, regional distributors, and licensed top-up aggregators (for example, those servicing MLBB, Honor of Kings, Genshin Impact, Valorant, and Garena titles).

We also work with vetted vendors who process data on our behalf under written data-processing agreements. These include cloud hosting and content delivery providers (such as AWS and Cloudflare), customer support and live chat tools, email and SMS delivery providers, analytics platforms (Google Analytics), advertising platforms (Meta, Google, and TikTok), and fraud-detection and anti-abuse providers.

We may disclose information when required by Philippine law, a valid court order, a lawful request from a government agency (including the BIR, AMLC, NPC, or law enforcement), or where disclosure is necessary to protect the rights, property, or safety of GPDS, our users, or the public.

If GPDS is involved in a merger, acquisition, restructuring, or asset sale, your personal data may be transferred to the successor entity, subject to the protections of this Privacy Policy. We will notify affected users in advance where required by law.

7. International Data Transfers

Some of our service providers and game publishers are located outside the Philippines, for example in Singapore, the United States, the European Union, or China. When we transfer your data abroad, we ensure that the transfer is supported by appropriate safeguards. These may include the recipient operating in a jurisdiction with comparable data-protection standards, a written data-processing agreement containing standard contractual clauses, recognized certifications such as ISO 27001 or SOC 2, or your explicit consent where required.

You may request more information about the safeguards we use by contacting our support team.

8. Data Retention

We retain personal data only for as long as necessary for the purpose it was collected and to comply with our legal obligations.

Active account profile data is retained for the lifetime of your account, plus 12 months after closure. Transaction and billing records are retained for ten (10) years, in compliance with the Bureau of Internal Revenue (BIR) and the National Internal Revenue Code. Game login credentials used for login-based top-ups are retained for up to 24 hours after order fulfillment, then permanently deleted. Customer support tickets are retained for 24 months after resolution. Marketing consent records are retained until you withdraw consent, plus 12 months for audit purposes, and marketing engagement data such as opens and clicks is retained for 24 months. Cookie and analytics data is retained for up to 26 months, consistent with Google Analytics defaults. Fraud and abuse logs are retained for up to 5 years. Server logs and IP addresses are retained for 90 days unless flagged for security review.

After the retention period expires, we securely delete or irreversibly anonymize the data.

9. Data Security

We apply organizational, physical, and technical safeguards aligned with NPC guidance and industry best practice.

For encryption in transit, all pages use TLS 1.2 or higher with HSTS enabled. For encryption at rest, sensitive fields and credentials are encrypted using AES-256. For password protection, we use Bcrypt or Argon2 hashing and never store passwords in plain text. We enforce role-based access control with least-privilege principles and multi-factor authentication for staff. Our network security includes a web application firewall, DDoS protection, and intrusion detection. We require vendor due diligence with written data-processing agreements for all processors. We provide internal training on privacy and security to staff handling personal data, and we maintain audit logging of administrative actions for review. Our backup and recovery systems use encrypted backups with tested restoration procedures.

Your role: Use a strong unique password, enable two-factor authentication where available, and never share OTPs, passwords, or verification codes with anyone, including people claiming to represent GPDS. We will never ask for these outside of an active order you initiated.

10. Data Breach Notification

In the event of a personal data breach, GPDS will notify the National Privacy Commission within seventy-two (72) hours of becoming aware of the breach, in accordance with NPC Circular 16-03. We will also notify affected data subjects through email, in-app message, or other reasonable means, including the nature of the breach, the data involved, and the measures we are taking. We will take immediate corrective action to contain the breach, mitigate harm, and prevent recurrence, and we will document the incident and our response in accordance with NPC requirements.

11. Your Rights as a Data Subject

Under RA 10173, you have a clear set of rights over your personal data. GPDS Game Shop responds to verified data subject requests within fifteen (15) business days, and may extend this period by up to fifteen (15) additional days for complex requests, with prior notice to you.

You have the right to be informed about what data we collect and how it is used, which this policy provides. You have the right to access the personal data we hold about you. You have the right to object to processing based on consent or legitimate interest, including direct marketing. You have the right to rectification to correct inaccurate or incomplete data. You have the right to erasure or blocking to request deletion or suspension of your data, subject to legal retention requirements. You have the right to damages to be indemnified for damages from inaccurate or unauthorized use of your data. You have the right to data portability to receive your data in a structured, commonly used, machine-readable format. You have the right to file a complaint with the National Privacy Commission.

How to Exercise Your Rights

Send a request to [email protected] that includes your full name and registered email, the specific right you wish to exercise, any details that help us locate your records (such as your order ID or username), and a clear photo of a valid government-issued ID for verification (we redact this after verification and do not retain it longer than necessary).

Filing a Complaint with the NPC

If you believe your privacy rights have been violated and you are not satisfied with our response, you may file a complaint with the National Privacy Commission at the 5th Floor, Philippine International Convention Center, Vicente Sotto Avenue, Pasay City 1307, by email at [email protected], or through their website.

12. Children and Minors

GPDS Game Shop is intended for users who are at least eighteen (18) years old, consistent with general Philippine commercial practice and the protections afforded to minors under Philippine law.

If you are between 13 and 17 years old, you may use our services only with the verifiable consent and supervision of a parent or legal guardian, who must agree to this Privacy Policy on your behalf and remain responsible for all transactions.

We do not knowingly collect personal data from children under thirteen (13). If we learn that we have inadvertently collected such data, we will delete it promptly. Parents or guardians who believe their child has provided personal data may contact us at [email protected] for immediate assistance.

13. Marketing Communications

With your consent, we may send you promotional emails, SMS, push notifications, or messaging-app updates about new games, top-up products, and pre-orders, discount codes and limited-time promotions, tournaments, giveaways, and community events, and newsletter content and game guides.

You may opt out at any time by clicking the "unsubscribe" link in any email, replying STOP to SMS messages, disabling notifications in our app, or emailing [email protected] with the subject "Unsubscribe."

Even after opting out of marketing, we will continue to send transactional messages such as order confirmations, payment receipts, and security alerts, as these are necessary to fulfill your contract with us.

14. Third-Party Links and Services

Our website and blog may contain links to third-party websites, game publisher portals, social media, and payment providers. This Privacy Policy does not cover the privacy practices of those third parties. We encourage you to review their respective policies before sharing any personal data with them.

15. Updates to This Privacy Policy

We may revise this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we do, we will update the "Last Updated" date at the top, increment the version number, keep an internal change log, and for material changes, provide prominent notice on our website and, where appropriate, by email at least fifteen (15) days before the changes take effect.

Your continued use of GPDS Game Shop after the effective date of any update constitutes your acceptance of the revised policy.

16. Contact Information

For privacy-related concerns or any questions about this policy, you can reach us through our general support email at [email protected], or through our owner directly at [email protected].

You can also reach our customer support team through WhatsApp at +63 919 092 9112, on Telegram at @gpdsgameshop, on Facebook at facebook.com/GPDSgameShopPH, or through the live chat on https://gpdsgameshop.com.

Our support hours are 6:00 AM to 4:00 AM PHT, daily.

17. Consent and Acknowledgment

By creating an account, placing an order, or otherwise using GPDS Game Shop, you acknowledge that you have read and understood this Privacy Policy, you consent to the collection, use, and disclosure of your personal data as described, you are at least eighteen (18) years old or you have the verifiable consent of a parent or legal guardian, you will provide accurate information and notify us promptly of any changes, and you understand your rights under RA 10173 and how to exercise them.

If you do not agree with any part of this Privacy Policy, please discontinue use of our services and contact our support team with any concerns.

GPDS Game Shop — trusted, discounted top-ups for Filipino gamers since 2018. MLBB · Honor of Kings · Genshin Impact · Valorant · Ragnarok · Call of Duty Mobile · and more.