Privacy policy

Privacy Policy

Effective date: 02/03/2026
Last updated: 02/03/2026

Version 1

This Privacy Policy explains how OMNISCIENCE CARE SERVICES LTD collects, uses, shares and protects personal data when you use togetkey.com (the Site), create an account, contact support, or purchase digital products (Digital Content, such as activation keys and access codes). It is intended to provide the privacy information required by the UK GDPR and the Data Protection Act 2018.

  1. Controller and contact details
    1.1 Data controller. The data controller is OMNISCIENCE CARE SERVICES LTD (company number 13719649), registered office: Dept 6378a 126 East Ferry Road, Canary Wharf, London, United Kingdom, E14 9FP.
    1.2 Contact. If you have questions about this Privacy Policy or how we handle your personal data, contact us at info@togetkey.com.
    1.3 DPO. We have not appointed a data protection officer (DPO). If we do so in the future, we will update this Privacy Policy with the DPO’s contact details.
  2. Scope and who this policy applies to
    2.1 This Privacy Policy applies to personal data relating to visitors and customers, including account holders and purchasers.
    2.2 The Site is intended for users aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at info@togetkey.com.
  3. Personal data we collect
    We collect personal data in the following categories (not all will apply to every user):

3.1 Account and profile data
This may include your email address, username/display name (if used), account settings and preferences, and information you provide to us when you register or manage your account. We store passwords using secure hashing and do not store them in plain text.

3.2 Order, delivery and service data
This may include items purchased, order status, delivery status, keys delivered (or confirmation that delivery occurred), timestamps, and information needed to provide access to your purchase (for example displaying a key in your account area and/or sending it by email).

3.3 Payment and transaction data
We receive information about payment status and the transaction (such as amount, currency, time, and transaction identifiers). Full card details are handled by the payment provider and are not stored by us.

3.4 Support, complaints and dispute data
If you contact support or raise a complaint, we will process the content of communications, your order number, evidence you provide (such as screenshots), and records of how the issue was resolved (including replacement or refund decisions).

3.5 Technical, device and usage data
When you use the Site, we may collect information such as IP address, device and browser information, operating system, language settings, pages visited, actions taken on the Site, logs relating to security and fraud prevention, and cookie identifiers.

3.6 Cookie and similar technology data
We use cookies and similar technologies to enable core functionality, security, and (where used) analytics and marketing features. More detail is in section 9.

  1. How we collect personal data
    4.1 From you directly, for example when you create an account, place an order, or contact support.
    4.2 Automatically, for example through server logs and cookies when you use the Site.
    4.3 From service providers involved in processing your payment or delivering the service, such as payment processors and technical providers, where they share transaction status, fraud signals, or delivery status with us.
  2. How we use personal data and our lawful bases
    Under the UK GDPR we must have a lawful basis for each processing activity. We use personal data for the purposes below:

5.1 To provide the Site and your account
Purpose: creating and managing accounts, authenticating logins, showing your order history and delivery status, and operating the Site’s core features.
Lawful basis: performance of a contract (UK GDPR Article 6(1)(b)) and, where relevant, legitimate interests (Article 6(1)(f)) in operating a secure and functional service.

5.2 To process orders, take payment and deliver Digital Content
Purpose: processing your order, confirming payment status, delivering keys by making them available to your account and/or sending them by email, and handling operational communications about your purchase.
Lawful basis: performance of a contract (Article 6(1)(b)).

5.3 To provide customer support and handle complaints and disputes
Purpose: responding to enquiries, troubleshooting key activation issues, verifying whether a key is invalid/duplicated/already redeemed, and administering refunds or replacements where applicable.
Lawful basis: performance of a contract (Article 6(1)(b)); legal obligation where applicable; and legitimate interests (Article 6(1)(f)) in resolving issues and improving service quality.

5.4 To prevent fraud, keep the Site secure, and enforce our Terms
Purpose: fraud screening, account security, investigating suspicious activity (including chargeback abuse), protecting our users and business, and enforcing our Terms and policies.
Lawful basis: legitimate interests (Article 6(1)(f)).
Our legitimate interests include maintaining the security of the Site and payment flows, preventing misuse, and protecting customers and our business from fraud and unauthorised access.

5.5 Statutory Rights and Digital Content
We process your purchase data to fulfill our legal obligations under the UK Consumer Rights Act 2015. This includes maintaining records of your “right to repair” or replacement if a digital key is found to be defective, and processing data for the 14-day cancellation period (unless you have started the download and waived this right).

5.6 To meet legal and regulatory obligations
Purpose: meeting accounting and tax obligations, responding to lawful requests, and keeping records required by law.
Lawful basis: legal obligation (Article 6(1)(c)).

5.7 Marketing communications and preference management
Purpose: sending marketing emails where you have opted in, and managing your marketing preferences (such as unsubscribe requests).
Lawful basis: consent (Article 6(1)(a)) for electronic marketing where required, and legitimate interests (Article 6(1)(f)) for maintaining suppression lists to ensure we respect your preferences.

5.8 Cookies and similar technologies
Purpose: operating essential cookies for core functionality and security; and, where used, analytics/advertising cookies.
Lawful basis: legitimate interests for strictly necessary cookies; consent where required for non-essential cookies.

  1. Sharing and recipients
    We share personal data only where necessary for the purposes described above, including with:

6.1 Payment providers
To process payments, confirm payment status, and support fraud prevention and dispute handling. Payment providers process payment card details and provide us transaction status and identifiers.

6.2 Fulfilment and supplier partners and integration providers
To source and deliver keys, to retrieve delivery status, and to investigate issues such as invalid or already redeemed keys.

6.3 Hosting, infrastructure, analytics and security providers
To host and operate the Site, provide content delivery, monitor performance, and protect against malicious traffic and unauthorised access.

6.4 Email and customer support providers
To send transactional emails (such as order confirmations and key delivery messages) and to manage customer support communications.

6.5 Professional advisers and authorities
To our legal, accounting and other advisers where necessary, and to regulators, courts, law enforcement or other authorities where we are legally required to do so or where it is necessary to protect rights and prevent wrongdoing.

  1. International transfers and record retention
    The Company is incorporated in the United Kingdom. While we may use service providers and data centres located in the European Economic Area (EEA) and globally, your data is primarily governed by UK data protection standards. Where data is transferred outside the UK or EEA, we ensure standard contractual clauses or adequacy regulations are in place.

7.1 Retention
We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including to comply with legal obligations, resolve disputes, and enforce agreements. Notwithstanding account inactivity, we are required by UK tax law (HMRC) to retain records of financial transactions (including name, address, and transaction details) for a minimum of six (6) years following the end of the relevant tax year.

7.2 Typical retention periods (as a guide)
(a) Order and payment records: retained in line with HMRC/tax requirements and to manage disputes (see section 7.1).
(b) Support records: typically retained for up to 24 months after case closure, unless a longer period is necessary due to an ongoing dispute or legal requirement.
(c) Security logs: typically retained for up to 180 days, unless we need to keep them longer to investigate security incidents or fraud.
(d) Marketing preferences: retained until you unsubscribe/withdraw consent, and we may keep a minimal record of your preference to ensure we respect it.

  1. Your rights and how to complain
    8.1 Your rights
    Depending on your circumstances, you may have rights under UK data protection law including the right to access your personal data, correct inaccurate data, request erasure, request restriction, object to processing, request data portability, and withdraw consent where processing is based on consent.

8.2 How to exercise your rights
To exercise your rights, contact us at info@togetkey.com. We may need to verify your identity before responding. We will respond within the time limits set by UK data protection law.

8.3 Complaints
You may lodge a complaint with the Information Commissioner’s Office (ICO). You have the right to complain to them at any time (www.ico.org.uk), though we appreciate the chance to deal with your concerns before you approach them.

  1. Cookies and similar technologies (PECR)
    9.1 We use cookies and similar technologies to enable the Site to function, to keep it secure, and to remember your preferences.
    9.2 Some cookies are strictly necessary (for example for login sessions, fraud prevention, or security). For non-essential cookies (for example analytics and advertising cookies), we will request your consent where required.
    9.3 You can usually manage cookies through your browser settings and, where implemented on the Site, through our cookie consent tool.
    9.4 For general guidance, you can review the ICO’s cookies information: https://ico.org.uk/for-the-public/online/cookies/
  2. Automated decision-making and profiling
    10.1 We may use automated tools to help prevent fraud and secure the Site, such as risk scoring based on transaction signals or account behaviour.
    10.2 We do not intend to make decisions that produce legal or similarly significant effects solely by automated means without appropriate safeguards. If such a situation arises, you may have additional rights under UK data protection law. You can contact us at info@togetkey.com for more information.
  3. Security
    11.1 We implement appropriate technical and organisational measures designed to protect personal data, including access controls, least-privilege practices, and encryption in transit where supported.
    11.2 No system is completely secure. You should also protect your account by using a strong password and keeping your login details confidential.
  4. Changes to this Privacy Policy
    12.1 We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. We will post the updated version on the Site and update the effective date and last updated date above.
    12.2 Where changes are material, we may take additional steps to notify you (for example via email or a notice on the Site).