HomeGift Cards
eSIM

Privacy Policy

Last Updated: 19 Jan. 2026

1.Introduction

This Privacy Policy explains how Hala Media Marketing Services (“Refillarena,” “we,” “our,” or “us”) collects, uses, shares, and protects personal information about visitors to and users of the website refillarena.com, the Refillarena mobile applications for iOS and Android, and any related services we operate (together, the “Platform”).

Refillarena lets you buy gift cards, in-game top-ups, mobile airtime, eSIMs, and similar digital products and pay for them with cryptocurrencies or, where available, with a credit or debit card. We respect your privacy and aim to handle personal information in a transparent, fair, and lawful way.

This Privacy Policy applies only to information collected through the Platform. It does not apply to information collected offline, by other companies, or via third-party services that have their own privacy notices, even if those services are linked from the Platform.

By using the Platform you confirm that you have read this Privacy Policy. If you do not agree with how we handle personal information, please do not use the Platform.

2.Who We Are and How to Contact Us

The data controller responsible for personal information collected through the Platform is:

Hala Media Marketing Services

Operating Refillarena (refillarena.com)

Dubai, United Arab Emirates

Email: support@refillarena.com

Privacy enquiries: privacy@refillarena.com

Support: https://refillarena.com/en/contact-us

3.Information We Collect

We collect the following categories of information:

3.1Information you provide directly

  • Account and contact details: name, email address, country, language, phone number (if provided), and any other details you choose to share when you register, contact us, or subscribe to a newsletter.
  • Order details: the products you purchase, denominations, recipient details (such as a game player ID, telephone number for mobile top-ups, or e-SIM device identifiers), and any voucher or promo codes you redeem.
  • Communications: messages, attachments, and feedback you send us by email, contact form, in-app chat, or other support channel.
  • Compliance information: where required by law or where a transaction is flagged for fraud or sanctions screening, additional identification documents, proof of address, source-of-funds information, or wallet ownership confirmations.

3.2Information collected automatically

  • Device and log data: IP address, device identifiers, browser type and version, operating system, language settings, time zone, referring and exit pages, and the date and time of each visit.
  • Usage data: pages and screens viewed, links clicked, products browsed, items added to cart, completed and abandoned orders, search queries, and similar analytics events.
  • Cookie and identifier data: information collected through cookies, software development kits, pixels, web beacons, and similar technologies (see Section 5).
  • Approximate location: inferred from your IP address and used for regional pricing, fraud prevention, and compliance.

3.3Transaction and payment information

  • Cryptocurrency payments: the public blockchain address you send payment from (the “sender address”), the deposit address we generate for your order, transaction hash, amount, network, time stamp, and the number of network confirmations. We do not access or store the private keys to any wallet.
  • Card and other payments: limited information needed to confirm a card payment, such as the last four digits, card brand, country of issuance, and authorisation result. Full card numbers and security codes are handled by our PCI-compliant payment service providers and are not stored by Refillarena.
  • Risk and fraud signals: scores, flags, and other signals produced by our payment service providers and by blockchain analytics tools to help detect suspicious activity.

3.4Information from third parties

  • Payment service providers and card networks (transaction confirmation, fraud and chargeback data);
  • Gift card and top-up issuers, distributors, and fulfilment partners (order status, redemption status);
  • Blockchain analytics and sanctions-screening providers (compliance signals about wallets and transactions);
  • Advertising and marketing partners, including Microsoft Advertising (Bing Ads) and Google Ads (campaign performance, conversion events, audience signals);
  • Social networks where you choose to interact with us (such as Facebook, X/Twitter, Instagram, TikTok, Pinterest, and YouTube).

4.How We Use Your Information

We process personal information for the following purposes:

  • Providing the Platform: creating and managing your account, processing orders, delivering purchased Products, and providing customer support.
  • Payments: processing crypto and card payments, generating deposit addresses, confirming on-chain or card payments, and managing refunds or credits where applicable.
  • Fraud prevention, security, and compliance: detecting and preventing fraud, money laundering, terrorist financing, sanctions evasion, account takeover, and other unlawful or abusive activity; complying with anti-money-laundering, counter-terrorism-financing, sanctions, tax, accounting, and other legal obligations; responding to lawful requests from authorities.
  • Service improvement: understanding how the Platform is used, measuring performance, fixing bugs, testing new features, and improving the User experience.
  • Communications: sending you transactional emails (such as order confirmations, code delivery, and account notifications) and, where permitted, marketing communications, special offers, surveys, and updates. You can opt out of marketing emails at any time using the unsubscribe link or by contacting us.
  • Advertising: measuring the effectiveness of our marketing campaigns and, where you consent or where permitted by applicable law, showing you personalised ads on third-party platforms.
  • Legal claims and enforcement: establishing, exercising, or defending legal claims, enforcing our Terms and Conditions, and protecting our rights, property, and the safety of our users and the public.

4.1Legal bases (for users in the EEA, UK, and Switzerland)

Where the EU/UK General Data Protection Regulation applies to our processing, we rely on the following legal bases:

  • Performance of a contract – to provide the Platform, fulfil orders, and deliver customer support.
  • Legal obligation – to comply with anti-money-laundering, counter-terrorism-financing, sanctions, tax, accounting, and consumer-protection laws.
  • Legitimate interests – to operate, secure, and improve the Platform, prevent fraud and abuse, conduct analytics, and pursue our marketing activities, in each case where those interests are not overridden by your rights.
  • Consent – for certain marketing communications, non-essential cookies, and any other processing where consent is required. You can withdraw consent at any time without affecting the lawfulness of processing carried out beforehand.

5.Cookies and Similar Technologies

We use cookies, software development kits, pixels, web beacons, and similar technologies to make the Platform work, remember your preferences, analyse traffic, and support marketing.

5.1Categories of cookies we use

  • Strictly necessary: required for the Platform to operate, such as keeping you signed in, remembering items in your cart, and routing payments. These cannot be switched off in our systems.
  • Functional: remember choices such as language, currency, and region.
  • Analytics: help us understand how the Platform is used so that we can improve it.
  • Advertising: help us measure the effectiveness of our campaigns and deliver more relevant ads on third-party platforms.

5.2Third-party advertising and analytics partners

We use trusted third-party providers to help us understand visitors and to deliver advertising. These providers may set cookies or use similar technologies to collect information about your activity on the Platform and on other websites over time, including your IP address, device and browser data, and pages viewed. The information collected is generally pseudonymous and is used to measure ad performance, build audiences, and show ads that may be of interest to you. Our key advertising and analytics partners include:

  • Microsoft Advertising (Bing Ads) and the Microsoft UET tag – campaign measurement and conversion tracking. You can manage Microsoft personalization through the Microsoft Privacy Dashboard at privacy.microsoft.com.
  • Google Ads, Google Analytics, and Google Tag Manager – analytics and ad measurement. You can opt out via Google Ads Settings at adssettings.google.com or the Google Analytics opt-out browser add-on at tools.google.com/dlpage/gaoptout.
  • Meta (Facebook) Pixel, X (Twitter) Pixel, TikTok Pixel, Pinterest Tag – advertising performance and remarketing on the respective social networks.

You can also opt out of much interest-based advertising through industry tools such as the Network Advertising Initiative (optout.networkadvertising.org), the Digital Advertising Alliance (optout.aboutads.info), and the European Interactive Digital Advertising Alliance (youronlinechoices.eu).

5.3Managing cookies

Where required by applicable law, we ask for your consent before placing non-essential cookies on your device and present a cookie banner that lets you choose which categories to allow. You can also clear, block, or limit cookies through your browser or device settings, but please note that blocking strictly necessary cookies may prevent the Platform from functioning correctly.

6.How We Share Your Information

We share personal information only with parties that need it for the purposes described in this Privacy Policy and under appropriate confidentiality or contractual safeguards. We share information with the following categories of recipients:

  • Gift card and top-up issuers, distributors, and fulfilment partners – so that purchased Products can be issued and delivered, and so that issues can be investigated.
  • Payment service providers and card networks – to authorise and settle crypto and card payments, manage chargebacks, and detect fraud.
  • Compliance, KYC, and blockchain-analytics providers – to screen wallets and transactions for sanctions, fraud, and money-laundering risk where required.
  • Cloud hosting, IT, security, and customer-support providers – who host the Platform, store logs, run helpdesk and ticketing systems, and provide email or messaging infrastructure under data-processing agreements.
  • Analytics and advertising partners – such as Microsoft Advertising, Google, and the social-media platforms identified in Section 5.
  • Professional advisers – including lawyers, auditors, accountants, and insurers, where reasonably necessary.
  • Authorities and other parties when legally required – including law-enforcement, tax authorities, regulators, courts, and other parties where we believe in good faith that disclosure is necessary or appropriate to comply with the law, enforce our Terms, protect our rights or those of others, or prevent fraud or illegal activity.
  • In a corporate transaction – if Refillarena is involved in a merger, acquisition, financing, restructuring, sale of assets, or insolvency, personal information may be transferred to the relevant counterparties subject to standard confidentiality protections.

We do not sell personal information for money. Some of the advertising-related sharing described above may, however, qualify as a “sale” or “share” for purposes of certain US state privacy laws; users in those jurisdictions can opt out as described in Section 9.

7.A Note About Blockchain Transactions

When you pay with a cryptocurrency, the transaction is recorded on a public blockchain such as Bitcoin, Ethereum, Solana, Tron, Polygon, or Binance Smart Chain. Public blockchains are inherently transparent: the sending address, receiving address, amount, and time stamp are visible to anyone with access to the network and cannot be deleted, anonymised, or rectified by Refillarena. By choosing to pay with cryptocurrency you accept that this on-chain information will be publicly available.

Refillarena links blockchain transaction data to your order and account internally so that we can confirm payment and provide support. We treat that link as personal information and protect it in accordance with this Privacy Policy.

8.International Data Transfers

Refillarena is established in the United Arab Emirates and works with service providers in other countries, including the European Economic Area, the United Kingdom, the United States, and other jurisdictions. Personal information may therefore be transferred to, stored in, and processed in countries whose data-protection laws differ from those of your country of residence.

Where required by applicable law, we put in place appropriate safeguards for international transfers, such as Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Addendum, or equivalent mechanisms. You can request a copy of the relevant safeguards by contacting us at privacy@refillarena.com.

9.Your Privacy Rights

Subject to applicable law and to verifying your identity, you have the following rights in relation to personal information that we hold about you:

  • Access – ask for a copy of the personal information we hold about you and information about how we process it.
  • Rectification – ask us to correct inaccurate or incomplete information.
  • Erasure (“right to be forgotten”) – ask us to delete your personal information, subject to legal retention requirements.
  • Restriction – ask us to limit how we process your information in certain circumstances.
  • Objection – object to processing based on our legitimate interests or for direct-marketing purposes.
  • Portability – receive certain personal information in a structured, commonly used, machine-readable format, or ask us to send it to another controller where technically feasible.
  • Withdraw consent – withdraw any consent you have given us, at any time, without affecting the lawfulness of processing carried out beforehand.
  • Complain – lodge a complaint with the data-protection authority of your country of residence. EU/EEA users can find their authority at edpb.europa.eu; UK users can contact the Information Commissioner’s Office at ico.org.uk.

9.1California, Virginia, and other US state residents

Where US state privacy laws (such as the California Consumer Privacy Act as amended by the CPRA, and similar laws in Virginia, Colorado, Connecticut, Utah, Texas, and other states) apply to our processing, you also have the right to know what categories of personal information we collect and disclose, the right to delete certain personal information, the right to correct inaccurate personal information, the right to opt out of “sales” and “sharing” of personal information and of targeted advertising, and the right not to receive discriminatory treatment for exercising your rights. To exercise these rights, contact us at privacy@refillarena.com. We will honour valid Global Privacy Control (GPC) signals as a request to opt out of sharing for cross-context behavioural advertising.

9.2How to exercise your rights

Please send a request to privacy@refillarena.com from the email address associated with your account, describing the right you want to exercise and the information involved. We may need to verify your identity before acting on a request. We will respond within the time limits set by applicable law (typically 30 days for GDPR requests and 45 days for most US state laws), and we may extend that period where the request is complex or where you have made several requests.

10.Data Retention

We retain personal information for as long as is necessary to provide the Platform and fulfil the purposes set out in this Privacy Policy, and then for a further period as required by applicable law (for example, tax, accounting, and anti-money-laundering laws typically require records of transactions and customer interactions to be kept for several years after the relationship ends).

Where personal information is no longer required, we either delete it or anonymise it so that it can no longer be linked to an identified individual.

11.How We Protect Your Information

We use a combination of technical, organizational, and physical measures designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, and unauthorized access. These measures include TLS encryption of data in transit, restricted access to production systems, role-based access controls, logging and monitoring, secure software development practices, and use of PCI-compliant payment service providers.

No method of transmission over the internet and no method of electronic storage is, however, 100% secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required, affected users in accordance with applicable law.

12.Children’s Privacy

The Platform is intended for adults aged 18 and over and is not directed at children. We do not knowingly collect personal information from children under the age of 13 (or under the higher minimum age set by the law of the country where the child resides). If you are a parent or guardian and believe that your child has provided personal information through the Platform, please contact us at privacy@refillarena.com and we will take reasonable steps to delete the information.

13.Do Not Track Signals

Some browsers transmit a “Do Not Track” signal. Because there is no industry-wide standard for how to interpret this signal, the Platform does not currently respond to Do Not Track signals. We do, however, honour valid Global Privacy Control (GPC) signals as opt-out requests for the purposes of US state privacy laws, as described in Section 9.1.

14.Third-Party Websites and Services

The Platform may contain links to third-party websites, applications, or services (such as social-media pages, Issuer redemption portals, payment service provider pages, or blockchain explorers) that are not operated by us. This Privacy Policy does not apply to those third-party services, and we are not responsible for their content, privacy practices, or security. We encourage you to review the privacy notices of any third-party service you choose to use.

15.Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other reasons. The most current version will always be available on the Platform with the “Last Updated” date shown at the top of this page. Where the changes are material, we will provide more prominent notice (for example, by posting a banner on the Platform or sending an email to registered users) before the changes take effect.

16.Contact Us

If you have any questions about this Privacy Policy or about how we handle your personal information, or if you would like to exercise any of your privacy rights, please contact us:

Hala Media Marketing Services

Refillarena (refillarena.com)

Dubai, United Arab Emirates

Email: privacy@refillarena.com

General support: support@refillarena.com

Contact form: https://refillarena.com/en/contact-us