GDPR Compliance - Microsoft Digital Product Keys USA & Canada

In this document

Scope & Applicability
Data Controller
Personal Data We Process
Lawful Basis
Your Rights Under GDPR
How to Exercise Your Rights
International Data Transfers
Data Retention
Security Measures
Data Breach Notification
Sub-Processors
Filing a Complaint
Contact

01Scope & Applicability

This GDPR Compliance statement applies to residents of the European Union (EU), the European Economic Area (EEA), and the United Kingdom (UK) when their personal data is processed by Makers Unity LLC in connection with mmkeys.com. It complements our general Privacy Policy, which applies to all customers.

02Data Controller

For the purposes of the GDPR (Regulation (EU) 2016/679) and the UK GDPR, the data controller is:

Makers Unity LLC
1309 Coffeen Avenue, STE 1200, Sheridan, WY 82801, USA
Email: Support@MMKeys.com

Because Makers Unity LLC is established outside the EU and UK and does not currently meet the threshold requiring a designated EU/UK representative under Article 27 GDPR, all requests should be sent directly to the contact above.

03Personal Data We Process

We process the categories of personal data described in our Privacy Policy, including identification data (name, email), contact data (phone, address), transactional data (orders, invoices), and technical data (IP address, device, cookies). We do not knowingly collect any special categories of data (e.g. health, religion, political opinions).

04Lawful Basis

Each processing activity is supported by at least one of the following lawful bases under Article 6 GDPR:

Article 6(1)(b) — Contract: processing necessary to fulfill your order and deliver the license key.
Article 6(1)(c) — Legal obligation: retention of invoices and accounting records under tax law.
Article 6(1)(f) — Legitimate interests: securing the Site, preventing fraud, and basic analytics; balanced against your fundamental rights.
Article 6(1)(a) — Consent: marketing emails and non-essential cookies; withdrawable at any time.

05Your Rights Under GDPR

If you are in the EU, EEA, or UK, you have the following rights regarding your personal data:

Right of Access (Art. 15)Obtain confirmation of whether we process your data and a copy of it.

Right to Rectification (Art. 16)Have inaccurate or incomplete data corrected.

Right to Erasure (Art. 17)Request deletion, subject to legal retention obligations.

Right to Restriction (Art. 18)Limit processing in certain circumstances.

Right to Portability (Art. 20)Receive your data in a structured, machine-readable format.

Right to Object (Art. 21)Object to processing based on legitimate interest or direct marketing.

Withdraw Consent (Art. 7)Withdraw at any time for consent-based processing.

Lodge a Complaint (Art. 77)File a complaint with your national supervisory authority.

06How to Exercise Your Rights

Send your request to Support@MMKeys.com with the subject line "GDPR Request". Include:

The right you wish to exercise (access, deletion, etc.).
The email address used on your MMKeys account or order.
Any relevant order number(s).
Sufficient information to verify your identity (we may ask for additional verification before processing requests involving deletion or large data exports).

We respond within 30 days. If a request is particularly complex, we may extend the period by up to a further 60 days and will explain the reason. Exercising your rights is free of charge, except for manifestly unfounded or excessive requests.

07International Data Transfers

Because Makers Unity LLC is based in the United States, personal data processed in connection with the Site is transferred to and stored in the U.S. For transfers from the EU/EEA/UK to the U.S., we rely on appropriate safeguards under Articles 45–49 GDPR, which may include:

Standard Contractual Clauses (SCCs) approved by the European Commission.
UK International Data Transfer Addendum for UK transfers.
Service providers self-certified under the EU–U.S. Data Privacy Framework.

A list of our key sub-processors and the safeguards we rely on can be requested at any time by emailing Support@MMKeys.com.

08Data Retention

We retain personal data only for as long as needed for the purposes for which it was collected, or as required by law. Specific retention periods are listed in our Privacy Policy. When the retention period ends, data is securely deleted or anonymized.

09Security Measures

In line with Article 32 GDPR, we maintain appropriate technical and organizational measures to protect personal data, including:

TLS/SSL encryption of data in transit.
Encrypted databases at rest.
Role-based access controls and the principle of least privilege.
Regular software updates and security patching.
PCI-DSS compliant payment processors that handle card data on our behalf.
Logging and monitoring of administrative access.

10Data Breach Notification

If a personal data breach is likely to result in a risk to the rights and freedoms of data subjects, we will notify the competent supervisory authority within 72 hours of becoming aware of it. Where the breach is likely to result in a high risk, we will also inform affected individuals without undue delay.

11Sub-Processors

We engage carefully vetted sub-processors to help operate the Site — for example, hosting, payment processing, email delivery, fraud prevention, and analytics. Each sub-processor is bound by a written agreement that requires them to apply GDPR-equivalent protections. An up-to-date list can be requested at Support@MMKeys.com.

12Filing a Complaint

If you believe your data has been handled in breach of the GDPR, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint directly with your national supervisory authority. A directory is available at edpb.europa.eu (EU/EEA) or with the Information Commissioner's Office at ico.org.uk (UK).

13Contact

All GDPR-related correspondence:

Makers Unity LLC — Data Protection

1309 Coffeen Avenue, STE 1200

Sheridan, WY 82801, USA

Support@MMKeys.com · (307) 303-9251