Privacy Policy of Wincdkey Ltd

Effective Date: 5 January 2021
Last Updated: 23 May 2026

Wincdkey Ltd (“Wincdkey“, “we“, “us“, or “our“) operates wincdkey.com (the “Website“), an online retail store selling genuine digital software licence keys including Windows operating systems, Microsoft Office, antivirus software, and related products.

This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data. By using our Website or placing an order, you agree to the practices described in this policy.

Wincdkey Ltd is a company registered in England and Wales (Company No. 15530488), with its registered office at 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom. We are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

1.1 Personal Data You Provide

When you create an account, place an order, or contact us for support, we may collect the following personal information:

  • Full name
  • Email address
  • Billing address (including country, city, postcode)
  • Payment method details (processed securely via our payment providers — we do not store full card numbers)
  • Phone number (if provided)
  • Order history and product licence keys purchased
  • Communications you send to our Help & Support Centre

1.2 Data Collected Automatically

When you visit wincdkey.com, we automatically collect certain technical data, including:

  • IP address and approximate location (country/region)
  • Browser type and version
  • Device type and operating system
  • Pages visited and time spent on the Website
  • Referring URL (how you arrived at our site)
  • Cookie data (see Section 5 below)

1.3 Data from Third Parties

We may receive data about you from third-party services we use to operate the Website, such as payment processors, fraud prevention tools, and analytics providers. This data is used solely to process your order and improve site performance.

2. How We Use Your Data

We use the personal data we collect for the following purposes:

  • Order fulfilment: To process your purchase, deliver your software licence key by email, and manage your account on the My Account page.
  • Customer support: To respond to enquiries submitted through our Help & Support Centre, including activation and installation assistance covered in our Installation & Activation Guide.
  • Order tracking: To allow you to monitor the status of your purchase via our Order Tracking page.
  • Legal compliance: To meet our obligations under UK and EU law, including maintaining transaction records and responding to lawful requests from authorities.
  • Fraud prevention: To detect and prevent fraudulent transactions and abuse of our services.
  • Website improvement: To analyse how visitors use our site and improve the shopping experience.
  • Marketing communications: To send you promotional emails about offers, new products, or updates — only if you have opted in or are an existing customer. You may unsubscribe at any time.

We will never sell your personal data to third parties for their own marketing purposes.

3. Legal Basis for Processing (UK & EU Customers)

Under the UK GDPR and GDPR, we process your personal data on the following legal grounds:

  • Contract performance: Processing is necessary to fulfil your order and provide the services you have purchased.
  • Legal obligation: We are required to retain certain financial and transaction records for tax and legal compliance purposes.
  • Legitimate interests: We process some data (such as analytics and fraud detection) based on our legitimate interest in operating a secure and well-functioning online store, provided this does not override your rights.
  • Consent: For marketing emails and non-essential cookies, we rely on your explicit consent, which you may withdraw at any time.

4. Sharing Your Data

We do not sell or rent your personal data. We may share your information with trusted third parties only where necessary:

  • Payment processors: To securely handle payment transactions (e.g. Stripe, PayPal, or similar providers).
  • Email delivery providers: To send your licence key and order confirmation to the email address you provided.
  • Analytics tools: Such as Google Analytics, to help us understand website traffic and user behaviour in aggregate, anonymised form.
  • Authorised distributors: 1D3 Digitech OÜ is an authorised global distributor of wincdkey.com and may be involved in order processing.
  • Legal authorities: Where we are legally required to disclose data (e.g. in response to a court order, law enforcement request, or to protect the safety of our users or the public).

All third-party service providers are contractually required to process your data securely and only for the purposes we specify.

5. Cookies & Tracking Technologies

We use cookies and similar technologies (pixels, tags, scripts) to operate the Website, remember your preferences, and understand how visitors interact with our pages.

Types of Cookies We Use

  • Essential cookies: Required for the Website to function, including your shopping cart, login session, and checkout process.
  • Preference cookies: Remember your settings such as language, currency selection, and login details.
  • Analytics cookies: Collect anonymised data about how you use the site to help us improve performance.
  • Marketing cookies: Used to show you relevant advertisements and track the effectiveness of promotional campaigns (only with your consent).

You can manage or disable cookies through your browser settings at any time. Please note that disabling essential cookies may affect your ability to use certain features of the Website, including placing an order.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy:

  • Order records: Retained for a minimum of 6 years to comply with UK tax and financial regulations.
  • Account data: Retained while your account is active. You may request account deletion at any time (see Section 7).
  • Support communications: Retained for up to 2 years after your last interaction with us.
  • Marketing data: Retained until you unsubscribe or withdraw consent.

7. Your Rights

If you are based in the UK or European Economic Area (EEA), you have the following rights regarding your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may ask us to correct inaccurate or incomplete data.
  • Right to erasure: You may request that we delete your personal data, subject to legal retention obligations.
  • Right to restrict processing: You may ask us to limit how we use your data in certain circumstances.
  • Right to data portability: You may request a copy of your data in a commonly used, machine-readable format.
  • Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us using the details in Section 9. We will respond within 30 days in accordance with applicable law.

8. Data Security

We take the security of your personal data seriously. We implement industry-standard technical and organisational measures to protect your information from unauthorised access, disclosure, alteration, or destruction. These include:

  • SSL/TLS encryption for all data transmitted to and from the Website
  • Secure, access-controlled storage of personal data
  • Regular review of our data handling and security practices
  • Payment data handled exclusively by PCI DSS-compliant payment providers

While we take all reasonable precautions, no method of transmission over the internet is completely secure. In the unlikely event of a data breach that poses a high risk to your rights, we will notify you and the relevant authorities as required by law.

9. International Data Transfers

Wincdkey Ltd is based in the United Kingdom. If you are accessing our Website from outside the UK, your data may be transferred to and processed in the UK or other countries where our service providers operate. In all cases, we ensure appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements.

10. Children’s Privacy

Our Website is intended for users aged 18 and over. We do not knowingly collect personal data from children under the age of 18. If you believe we have inadvertently collected information from a minor, please contact us immediately and we will take steps to delete it.

11. Links to Third-Party Websites

Our Website may contain links to external sites, including our Trustpilot reviews page and our Microsoft Partner verification listing. We are not responsible for the privacy practices of those external websites and encourage you to review their policies separately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. When we make material changes, we will update the “Last Updated” date at the top of this page and, where appropriate, notify you by email or through a notice on the Website.

We encourage you to review this page periodically. Continued use of the Website after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

For general questions about your orders, refunds, or activation support, you may also visit our FAQs page or our Refunds & Returns policy.