Privacy Policy

Who we are

When we say we, us or our in this privacy notice, we mean Steamforged Games Ltd, a company incorporated and registered in England and Wales with company number 9091884, and whose registered office is at Unit 1 Kestrel Road, Trafford Park, Manchester, England, M17 1SF, United Kingdom.

For the purposes of the Data Protection Legislation, we are the controller of your personal data. This means that we are responsible for deciding how we hold and use personal information about you.

Personal data we collect

Personal data means information which relates to an identified or an identifiable individual.


Identity data

Examples: Name; title; social media username; forum username

Contact data

Examples: Contact address; shipping address; billing address; email; telephone number

Transaction data

Examples: Details of orders placed and purchases made; details of payments to and from you

Financial data

Examples: Payment card details

Crowdfunding project data

Examples: Account name; amount pledged on our projects; rewards selected; project related communication with you

Usage data

Examples: Services you signed up to (e.g. our blogs); events you attended or expressed interest in

Enquiries data

Examples: Details of enquiries submitted via our website or emailed to us

Professional data

Examples: Job title; name of business or organisation; professional credentials; professional contact details

Technical data

Examples: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website

We do not routinely collect any special categories of personal data about you (meaning information about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, your health, and genetic and biometric data), nor do we collect any data relating to criminal convictions and offences.

We do not provide goods/services directly to children or collect their personal data. If you believe that we have received information relating to or from persons under the age of 18 please contact us. If we become aware that a person under the age of 18 has provided us with personal information we will take steps to delete such information.

We may also collect, use and share anonymised, aggregated data such as statistical or demographic data for any purpose. Anonymised data may be derived from your personal data but is not considered personal information in law as this information does not directly or indirectly reveal your identity. For example, we may aggregate information on how you use our website to calculate the percentage of users accessing a specific website feature.

Before you disclose to us the personal information of another person you must ensure that you have a lawful basis to do so. For information on when and how you can lawfully disclose personal data, please see the Information Commissioner’s Office Guide to the General Data Protection Regulation.

How we collect your data


Your use of our website

Example: When you purchase products through our website; sign up to our mailing list; submit an online enquiry; subscribe to our blogs; complete a survey; or give us your feedback.

Direct interactions with you

Example: When you first contact us (e.g. by phone or email); when you interact with us through our social media profiles (e.g. on Facebook, Twitter, Instagram, or Twitch); when you sign up or attend our conferences and community events; when you register interest in our products; when you give us your business card.

Directly from a third party

Example: When you back our crowdfunding project on Kickstarter or Backerkit

Automated technologies or interactions

Example: As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see our Cookies Notice for further details.

How and why we use personal data

Under the Data Protection Legislation, we can only use your personal data if we have a proper reason for doing so. For example, because:

  • you have given us your consent;
  • it is necessary for the performance of a contract; or
  • it is necessary for our legitimate interests or those of a third party.


Generally we do not rely on consent as a legal basis for processing your personal data other than:

  • to place cookies on your device (please see our Cookie Notice for further details);
  • to enable to you to take part in our events;
  • to send you our newsletters; and
  • to send you electronic marketing communication (if you are not our existing customer).

Where your permission is required, we will ask you for such consent separately and clearly. You have the right to withdraw consent to marketing at any time by contacting us or using the ‘unsubscribe’ link in our marketing emails. Even if we are not required to obtain your consent for marketing purposes, you can still opt-out of receiving marketing communications at any time, so you are still in control.

If you submit personal information for publication on our website or another location, we will publish and otherwise use that information in accordance with the permission which you grant to us.


We will use your personal data if we need to do it to perform our obligations under a contract with you, or if it is necessary for a contract which we are about to enter with you. For example, if we need to:

  • register you as a new customer or administer your account;
  • manage our relationship with you (e.g. to respond to your enquires or to notify you about changes to our services);
  • process or deliver your order; and
  • enable you to partake in a competition or a prize draw.

Legitimate interests

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We rely on our own, and/or or a third party’s legitimate interests, when we process your data for the following purposes:

  • to administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
  • to manage our relationship with you;
  • to manage payments;
  • to deal with your enquiries;
  • to ask you to leave a review or complete a survey;
  • to send you our updates or other electronic marketing communications (when you are our existing customer or have enquired about our products;
  • to engage with you though our social media profiles;
  • to fund our projects through crowdfunding campaigns run of Kickstarter and Backerkit to which you sign up;
  • to run our community events (e.g. conventions);
  • to increase our business or promote our brand through delivering relevant website content and advertisements to you and marketing communication;
  • to measure or understand the effectiveness of the advertising we provide to you;
  • to improve our website, products, services, marketing, and customer relationships and understanding;
  • to conduct web analytics;
  • for the prevention and detection of fraud; and
  • to interact with you professionally (if you represent our supplier or other business party);
  • for the establishment, exercise or defence of legal claims.

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or structure of our business.

Who we share personal data with

We may share your information with third parties for the purposes set out in this notice. For example, we may:

  • share your personal data with our suppliers which we use to operate our business (for example our e-commerce platform provider, online inventory and order processing provider, accounting software provider, shipping software provider, payment processing providers, carrier services providers, website data analytics providers, loyalty programmes and marketing software providers). We have contracts in place with these providers to ensure that they can only use your personal data to provide services to us and to you;
  • disclose your personal data to professional advisers (e.g. lawyers, accountants, auditors or insurers) who provide professional services to us;
  • disclose your personal data to certain third parties if specifically requested or agreed with you (e.g. if you ask us to introduce you to a third party);
  • disclose and exchange certain information with law enforcement agencies and regulatory bodies to comply with our legal obligations; and
  • share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.

International transfers

We may transfer your personal data to a destination outside of the United Kingdom. Transfers of data outside the European Economic Area (EEA) are subject to special rules under the Data Protection Legislation. You can find information in this regard at the European Commission’s website.

We use cloud-based platforms and tools for the purpose of running our website, selling our products and our marketing activities. The providers of these tools are based either in the EEA, Canada or the US. Those who are based in the US subscribe to the EU-US Privacy Shield framework. Transfers of personal data to commercial organisations based in Canada and to organisations subscribing to the Privacy Shield framework are deemed by the European Commission to provide an appropriate level of protection.

We also use an online inventory and order processing provider based in Singapore. We safeguard the international transfers of personal data to that provider by means of contractual obligations based on the standard provisions approved by the European Commission.

How long we keep personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. For example, if you:

  • subscribe to our updates, we will hold your data for that purpose until you unsubscribe or otherwise tell us that you no longer wish to receive such communications; and
  • are our customer, we will hold your data for the purposes set out in this privacy policy for up to six years after the end of our relationship with you.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your rights

You have a number of rights in relation to your personal data, which allow you to access and control your information in certain circumstances. You can exercise these rights free of charge, unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee or refuse to respond to such request).

Under certain circumstances, you have the following data protection rights:


Explanation: This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.


Explanation: The right to require us to correct any inaccuracies in your personal data.

Erasure (to be forgotten)

Explanation: The right to require us to delete your personal data in certain situations.

Restriction of processing

Explanation: The right to require us to restrict processing of your personal data in certain circumstances (e.g. if you contest the accuracy of the data we hold).

Data portability

Explanation: The right to receive, in certain situations, the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party.

To object

Explanation: The right to object at any time to your personal data being processed for direct marketing (including profiling) or, in certain other situations, to our continued processing of your personal data (e.g. processing carried out for the purpose of our legitimate interests).

Not to be subject to automated individual decision-making

Explanation: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you, or similarly significantly affects you.

If you would like to exercise any of those rights, please contact us. Please let us know what right you want to exercise and the information to which your request relates.

For further information on your rights, please see the Information Commissioner’s Office Guide to the General Data Protection Regulation

Keeping personal data secure

We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.


We hope that we can resolve any query or concern you may raise about our use of your information. You may contact us by using the contact methods set out in the How to contact us section of this policy.

The Data Protection Legislation also gives you a right to lodge a complaint with a supervisory authority, in particular in the European Union (or the European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws has occurred. The supervisory authority in the UK is the Information Commissioner, who may be contacted at or by telephone on: 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the Information Commissioner’s Office, so please contact us in the first instance.

How to contact us

If you have any questions about this privacy notice, (including any requests to exercise your legal rights) please contact us by either:

  1. using our website contact form at the SFG Support Hub; or
  2. phone on tel. (0044)(0)161 429 0000.

Changes to this privacy notice

This privacy policy was last updated on 8th April 2019.


Our websites use cookies to distinguish you from other users of our websites. This helps us to provide you with a good experience when you browse our websites. It also allows us to improve our websites and services.

A cookie is a small data file placed on your browser or the hard drive of your computer or other devices (such as smartphones or tablets). Cookies contain information that is transferred to your computer's hard drive.

We use the following types of cookies:

  • Strictly necessary cookies

    These are cookies that are required for the operation of our websites. They include, for example, cookies that enable you to log into secure areas of our websites.

  • Analytical/performance cookies

    They allow us to recognise and count the number of visitors and to see how visitors move around our websites when they are using them. This helps us to improve the way our websites work, for example, by ensuring that users are finding what they are looking for easily.

  • Functionality cookies

    These are used to recognise you when you return to our websites. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

  • Targeting cookies

    These cookies record your visit to our websites, the pages you have visited and the links you have followed. We will use this information to make our websites and the advertising displayed on them more relevant to your interests. We may also share this information with third parties for this purpose.]