- The National Ordinance on the Protection of Personal Data (hereafter referred to as the “DPA”) as well as any other subsidiary legislation issued under the DPA, both as may be amended from time to time; and
- Regulation (EU) 2016/679 of The European Parliament And of The Council of 27 April 2016 On The Protection of Natural Persons With Regard to The Processing of Personal Data And On The Free Movement of Such Data, And Repealing Directive 95/46/EC (General Data Protection Regulation)” (hereinafter referred to as “the Regulation” or “GDPR”).
The DPA and the GDPR shall hereafter be collectively referred to as the “Data Protection Laws”.
The Company determines the means and purposes of the processing of Personal Data and therefore acts as the “Data Controller” in terms of the applicable Data Protection Laws.
“The Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
The Data Processor
“The Data Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Personal Data” means any information that identifies You individually or relates to an identified or identifiable natural person which can also be defined as data subject.
The Company has adopted a secure communication protocol via the Internet TLS 1.2, used to implement the protected remittances. This protocol involves the encryption of Your Personal Data during transmission over the internet. Moreover, The Company stores Your Personal Data digitally on encrypted hard drives which is an additional guarantee of security of personal data.
Our services are registered with site identification authorities so that your browser can confirm Our identity before any personally identifiable information is sent. In addition, our secure servers protect this information using advanced firewall technology.
Personal data protection
Personal Data held by Us is protected using the highest industry standard security processes and systems. Our commitment to protect personal data is not merely through quality and high standards but also through the best and most efficient application of the law. We are bound to only process personal data if such processing is based on a genuine and legitimate reason to do so on the basis of one of the legal grounds established in the GDPR.
Processing on the basis of our legitimate interests
A legitimate interest exists when We have a business or commercial reason upon which personal data will be processed. In such a case We undertake to protect any and all of Your personal data and the manner in which such data is processed and to ensure that such processing would not be unfair to You or to Your interest.
Processing on the basis of your consent
Consent is not the only ground we may be permitted or obliged to rely on to process Your personal data. We will only process personal data on the basis of Your consent where we cannot or otherwise choose not to rely on any ulterior legal ground (such as compliance with a legal obligation or legitimate interest). Where we process Your personal data on the basis of Your consent, you shall have the right to withdraw your consent at any time and in the same manner as it had been previously provided by Yourself. In the case that You exercise Your right to withdraw consent, we would then determine whether we are able (or obliged) to process Your personal data on the basis of any other legal ground other than consent. If this is the case We will notify You accordingly. Any such withdrawal of Your consent will not invalidate any processing operations carried out prior to You having withdrawn Your consent.
Data retention policy
Any and all personal data The Company will keep will be protected in the best way possible and will only be used for purposes which are compatible with the applicable Data Protection Laws as well as any other applicable laws. The Company will retain Your Personal Data only for as long as is necessary (taking into consideration the purpose for which it was originally obtained). The criteria We use to determine what is ‘necessary’ depends on the particular Personal Data in question and the specific relationship We have with You (including its duration).
Generally, Our normal practice is to determine whether there is/are any specific law(s) (for example tax or corporate laws) permitting or even obliging Us to keep certain Personal Data for a certain period of time (in which case We will keep the Personal Data for the maximum period indicated by any such law). For example, any data that can be deemed to be “transactional data” must be kept for at least five (5) years.
We would also have to determine whether there are any laws and/or contractual provisions that may be invoked against Us by You and/or third parties and if so, what the prescriptive periods for such actions are (this is usually five (5) years). In the latter case, We will keep any relevant Personal Data that We may need to defend Ourselves against any claim(s), challenge(s) or other such action(s) by You and/or third parties for such time as is necessary.
Where Your Personal Data is no longer required by Us, We will either securely delete or anonymise the Personal Data in question.
Failure to provide Your Personal Data may prevent The Company from meeting its legal and regulatory obligations, fulfilling its contractual obligations and rendering and/or performing the necessary services needed to satisfactorily manage and maintain Your account. Therefore, failure to provide the necessary personal data may lead to The Company being unable to provide You with certain products and/or services.
Personal data which we collect, purpose of the processing, legal basis of the processing
The following table outlines the categories of personal data which We process, the purpose for which We process such data as well as the corresponding legal basis used for such processing. It is pertinent to know that the same categories of personal data may be processed for different purposes and therefore on the basis of a various legal grounds simultaneously depending on the purpose of processing.
|CATEGORIES OF PERSONAL DATA||PURPOSE OF THE PROCESSING||LEGAL BASIS USED FOR PROCESSING|
|Contact data (Ex: Name, Surname, residence mailing address with post code, telephone/mobile number, email address, a recent utility bill showing your residential address). Identity data (Ex: Name, Surname, address, date of birth, identity card/passport number, a photograph, gender, occupation, your marital status and family, hobbies).||To set up a record on Our system and register you as a new customer. To verify your identity and prevent any possible fraudulent activity such as third parties using your data for impersonation. To provide additional security for your credit data and credit card usage. To be able to provide You with any information regarding Your profile and any requests. To provide support and protection from problem gambling addictions.||Contractual Necessity. Legitimate Interest (ensuring we maintain an accurate record on Our system and providing You with information which you may have requested). Gambling licence requirements. Anti-money laundering and KYC regulations. Your consent (when processed for direct marketing purposes). Responsible Gaming regulations.|
|Contact data. Identity data.||To manage and monitor our ongoing relationship with You and provide You with full customer care services.||Contractual Necessity.|
|Contact data.||To subscribe to a newsletter, campaigns and/or to be added to a mailing list. To provide you with offers and news for our products and the products of select third parties.||Your consent.|
|Activity data (your website logins, activity and transactions on our site, ex: all bets placed, winnings and bonuses received, payments and withdrawals from your account, analytics information some of your browsing history, your favourite bet types or games time spent on particular pages, clicks, actions, cookies, communications you have with customer services by phone, email or live chat, if you self-excluded from our services, etc).||To provide You with any information regarding Your profile and any requests. To personalise Your customer experience. To ensure a responsible gaming environment. To ensure that We have the latest information on any queries, complaints or questions you may have had in the past to enable us to improve our service.||Contractual Necessity. Legitimate Interest (providing and developing innovative gaming and betting experiences to our users on a sustained basis). Responsible Gambling licence requirements. Anti-money laundering and KYC regulations.|
|Technical data (traffic data, GeoIP location, information from your browser, computer or mobile device when You access or use Our services, ex; device and network information.||To manage our ongoing relationship with You, provide You with our services of sports betting and casino games. To personalise Your customer experience. To prevent any fraudulent activity and to provide additional security for your personal and credit data.||Legitimate Interest (providing and developing innovative gaming and betting experiences to our users on a sustained basis). Gambling licence requirements.|
|Financial data (currency, credit card and banking information or other payment details, source of funds).||To manage our ongoing relationship with You and provide You with our services of sports betting and casino games. To prevent any type of fraudulent activity and to provide additional security for your credit data. To monitor your deposits and withdrawals and to prevent any unlawful usage from third parties. To provide You with any information regarding Your profile and any requests.||Contractual Necessity. Legitimate Interest (ensuring we maintain an accurate record on Our system and providing You with information which you may have requested). Gaming licence requirements. Anti-money laundering and KYC regulations.|
|Data required for marketing and educational purposes (Ex: Name, Surname, mailing address, telephone/mobile number, email address, proof of opt-in consent (where required), proof of objections to marketing, website data and online identifiers (such as IP address, and other information generated by Your browser)).||To provide You with marketing material (Our own and that of select third parties) that You have requested from Us or that we deem to be of interest to You. To provide you with educational materials, upcoming events and other related information that may be useful to you in relation to received services and for educational purposes. To personalise Your customer experience.||Your consent (where required) OR Our Legitimate interests (for marketing purposes, where We do not require Your consent & to provide you with tailored services, content and advertisements that better fit your interests as well as to promote our Service)|
The Company may also collect personal data from publicly available sources such as web searches, company registers and broadcast media provided it is reasonable to do so and such conduct is not detrimental to Your rights and freedoms.
Some of your data will also be used to carry out checks which will help complete the Profiling of your account. Profiling is a procedure that includes any form of automated processing of personal data required to abide with AML directives and prevent any other Fraudulent activity from happening using your personal details. These could be Tax Evasion or Suspicious betting patterns to name a few.
No automated decision will be made, including for Marketing purposes. Example of details which are verified automatically by the system are IP address or PEP checks required. However, in all such cases the final decision is made by our human staff. Email address is also verified however You will receive an email to confirm Your own email address.
Processing on the basis of consent
For the avoidance of all doubt, We would like to point out that in those limited cases where We cannot or choose not to rely on another legal ground (for example, Our legitimate interests), We will process Your Personal Data on the basis of Your consent.
In those cases where We process on the basis of Your consent (which We will never presume but which We shall have obtained in a clear and manifest manner from You), YOU HAVE THE RIGHT TO WITHDRAW YOUR CONSENT AT ANY TIME and this, in the same manner as You shall have provided it to Us.
Should You exercise Your right to withdraw Your consent at any time (by writing to Us at the physical or email address below), We will determine whether at that stage an alternative legal basis exists for processing Your Personal Data (for example, on the basis of a legal obligation to which We are subject) where We would be legally authorised (or even obliged) to process Your Personal Data without needing Your consent and if so, notify You accordingly.
When We ask for such Personal Data, You may always decline, however should You decline to provide Us with necessary data that We require to provide requested services, We may not necessarily be able to provide You with such services (especially if consent is the only legal ground that is available to Us).
Just to clarify, consent is not the only ground that permits Us to process Your Personal Data. In the last preceding section above We pointed out the various grounds that We rely on when processing Your Personal Data for specific purposes.
We may be required to use and retain personal information for loss prevention and to protect Our rights, privacy, safety, or property, or those of other persons in accordance with Our legitimate interests.
Authorised disclosures of personal data to third parties
These authorised third parties may include but are not limited to entities within The Company, other third parties and organisations such as law enforcement agencies, fraud prevention companies and tools, identity prevention companies and tools, collaborating accounting and auditing firms, regulators, relevant authorities and digital marketing providers. We may also share such personal data with organisations who have introduced You to Us, third parties which You have asked Us or permitted Us to share Your data with or any other third party which We must necessarily share Your personal data with so as to be able to provide the products and/or services which You have requested. The personal data shared will depend on the product/s and or service/s You choose to use.
When any such personal data has to be transferred outside of the EEA – European Economic Area, We ensure that all the necessary and appropriate safeguards are in place. We may also disclose personal information to other companies within associated or subsidiary companies and to business partners, or successors in title to Our business. The manner in which data transfer outside the EEA is handled is detailed below.
We will use your Personal Information, such as your name, home address, email address, telephone number etc., collected by ourselves and/or through our third party subcontractors for the purpose of providing you with promotional materials via different marketing techniques such as direct email, telephone marketing, SMS and post concerning the Service as well as products, services, websites and applications that may be of interest to you including administering contests, promotions, surveys or other site features which relate to: (i) other companies within the Company’s group; or (ii) the Company’s business partners and affiliates (collectively: “Marketing Affiliates”), which we believe may interest you.
We may also share and disclose Personal Information with our Marketing Affiliates for the purpose of providing you different marketing offers, which we, or our Marketing Affiliates, believe are relevant for you. Our Marketing Affiliates may use this Personal Information for different marketing techniques, such as direct email, post, SMS telephone marketing purposes.
We will use your Personal Information for the purpose of providing you with promotional materials solely where we have a legitimate interest in doing so, or where we have obtained your affirmative consent.
You may at any time decline receiving further marketing offers from us or from our business partners and marketing affiliates by either: following the links inserted in the promotional emails (e.g., selecting the opt-out link), by contacting our customer support at [email protected]. Please note that even if you unsubscribe from our marketing mailing list, we may continue to send you service-related updates and notifications.
Our direct marketing list may be operated by software and servers located overseas and your Personal Information may be sent overseas as part of our marketing.
Sharing of personal data with other categories of recipients
Any such authorised disclosures will be done in accordance with the Data Protection laws (for example, all Our processors are contractually bound by the requirements in the said Data Protection Laws, including a strict obligation to keep any information they receive confidential and to ensure that their employees/personnel are also bound by similar obligations). The said service providers (Our processors) are also bound by a number of other obligations (in particular, those established in Article 28 of the GDPR).
You will be aware that data sent via the Internet may be transmitted across international borders even where sender and receiver of information are located in the same country. We cannot be held responsible for anything done or omitted to be done by You or any third party in connection with any Personal Data prior to Our receiving it including but not limited to any transfers of Personal Data from You to Us via a country having a lower level of data protection than that in place in the European Union, and this, by any technological means whatsoever (for example, WhatsApp, Skype, Dropbox etc.).
Accuracy of personal data
All reasonable efforts are made to keep any Personal Data We may hold about You up-to-date and as accurate as possible. You can check the information that We hold about You at any time by contacting Us in the manner explained below. If You find any inaccuracies, We will correct them and where required, delete them as necessary. Please see below for a detailed list of Your legal rights in terms of any applicable data protection law.
Links to third party sites
Links that We provide to third-party websites are clearly marked and We are not in any way whatsoever responsible for (nor can We be deemed to endorse in any way) the content of such websites (including any applicable privacy policies or data processing operations of any kind). We suggest that You should read the privacy policies of any such third-party websites.
Transfer of data outside of the EEA
The security of Your data is our top priority. We have taken suitable technical and organisational measures to safeguard and secure the data we collect. All your personal data is stored on secure servers maintained by certified, reputable service providers.
Your personal data is primarily stored and processed within the EEA. However, We may share Your personal data with certain third parties, as described above, and Your data may be accessed or stored by them. Some of these third parties may process Your personal data as sub-processors outside the EEA. Your personal data may also be accessed and processed by staff or agents operating outside the EEA who work for us Our contract with You.
Whenever such transfer of your personal data outside the EEA occurs, We will ensure that appropriate safeguards are in place, and that Your enforceable rights as a data subject and effective legal remedies are available, by relying on the use of standard contractual clauses and/or other appropriate legal grounds. You are entitled to receive a copy of such safeguards by contacting Us at [email protected]. We will contractually bind all our processors to the strict security standards which will afford the same level of personal data protection as is enjoyed within the EEA.
By accepting this Policy, you specifically agree and opt-in for Your personal data to be transferred outside the EEA as outlined in this Policy.
Data subject rights
The Company undertakes to assist You in the best way possible should You choose to exercise any of Your rights with respect to Your personal data. In certain cases We might need to verify Your identity prior to acceding to Your request to exercise any relevant right.
Right of Access
You have a right to ask Us whether We are processing any personal data which concerns You and if this is the case, You shall have the right to access that personal data as well as the following information:
- What Personal Data We have;
- Why We process them;
- Who We disclose them to;
- How long We intend on keeping them for (where possible);
- Whether We transfer them abroad and the safeguards We take to protect them;
- What Your rights are;
- How You can make a complaint;
- Where We got Your Personal Data from and Whether We have carried out any automated decision-making (including profiling) as well as related information.
Right to rectification
You have a right to ask us to have any inaccurate or incomplete personal data relating to You rectified and/or completed.
Right of erasure (the “right to be forgotten”)
You have the right to ask Us to delete Your Personal Data and We shall comply without undue delay where:
- The Personal Data are no longer necessary for the purposes for which they were collected; or
- You have withdrawn Your consent (in those instances where We process on the basis of Your consent) and We have no other legal ground to process Your Personal Data; or
- You shall have successfully exercised Your right to object (as explained below); or
- Your Personal Data shall have been processed unlawfully; or
- There exists a legal obligation to which We are subject; or
- Special circumstances exist in connection with certain children’s rights.
In any case, We shall not be legally bound to comply with Your erasure request if the processing of Your Personal Data is necessary to comply with a legal obligation imposed on Us.
Right to Restriction of Processing
You have the right to ask Us to restrict the processing of Your personal data. However, You are only able to exercise this right where:
- The accuracy of Your Personal Data is contested (see the right to data rectification above), for a period enabling Us to verify the accuracy of the Personal Data; or
- The processing is unlawful and You oppose the erasure of Your Personal Data; or
- We no longer need the Personal Data for the purposes for which they were collected but You need the Personal Data for the establishment, exercise or defence of legal claims; or
- You exercised Your right to object and verification of Our legitimate grounds to override Your objection is pending.
Should You successfully exercise this right, We would only be in a position to process Your personal data:
- Where We have Your consent; or
- For the establishment, exercise or defence of legal claims; or
- For the protection of the rights of another natural or legal person; or
- For reasons of important public interest.
Right to Data Portability
You have the right to ask Us to provide You with Your personal data which You would have previously provided to Us. We will provide You such data in a structured, commonly used, machine readable format, or (where technically feasible) We may have the data sent directly to another Data Controller, provided this does not adversely affect the rights and freedoms of others. You may only exercise this right where:
- The processing is based on Your consent or on the performance of a contract with You; and
- The processing is carried out by automated means.
Right to Withdraw Consent
You have the right to withdraw your consent at any time. For detailed information on this right, please refer to “PROCESSING ON THE BASIS OF CONSENT” section 9 which can be found above.
Right to object to processing
In certain instances, You have the right to object to the processing of Your personal data. Where we are only processing Your personal data on the basis of one of the following purposes:
- The processing is necessary for the performance of a task carried out in the public interest; or
- When processing is necessary for the purposes of the legitimate interests pursued by Us or by a third party, the processing shall only cease where the Data Controller has not provided compelling and legitimate grounds which outweigh the objections raised by You in such a request and which require the processing to continue.
Where Your data is being processed for direct marketing purposes, You have the right to object to the processing of Your personal data at any time.
In all other instances apart from those listed above, this general right to object shall not subsist.
Right to lodge a complaint
As a Data subject You may at any time lodge a complaint with any relevant Data Protection Supervisory Authority should You feel that any of Your rights have been impinged by The Company.
Notwithstanding this right, We kindly ask You to please attempt to resolve any issues You may have with Us prior lodging a complaint.
It is important to note that notwithstanding such rights, The Company may still refuse such request if it can reasonably justify such decision. Such refusal does not prohibit You from lodging a complaint with the relevant data protection authority.
Company contact information
If You have any questions or comments about privacy or should You wish to exercise any of Your individual rights, please contact Us. Should you need to you can also contact our customer service team who will be happy to provide you with the required assistance.
The Company’s Data Protection Officer can be contacted directly at [email protected].
When you visit or access our websites or applications operated by us, or when you interact or engage with our content (“Services”), we use (and authorize third parties to use) cookies, pixel tags, beacons, local storage and similar technologies (“Tracking Technologies”).
These allow us to automatically collect information about you, your device, and your online behavior (for example your computer or mobile device), in order to enhance your navigation on our Services, improve our Services’ performance, perform analytics, customize your experience and offer you, for example, tailored content and advertisements that better correspond with your interests.
We also allow third parties to collect information about you though Tracking Technologies.
What are cookies?
Cookies are small text files (composed only of letters and numbers) that a web server places on your computer or mobile device when you visit a webpage. When used, the cookie can help make our Services more user-friendly, for example by remembering your language preferences and settings. You can find more information about cookies at www.allaboutcookies.org.
Storing Tracking Technologies
We store Tracking Technologies when you visit or access our Services (for example when you are visiting our Website or using our mobile applications) – these are called “First Party Tracking Technologies”. In addition, Tracking Technologies are stored by other third parties (for example our analytics service providers, business partners and advertisers) who run content on our Services – these are called “Third Party Tracking Technologies”.
Both types of Tracking Technologies may be stored either for the duration of your visit on our Services or for repeat visits.
What types of Tracking Technologies do we use?
When you use or access our Services, we use the following categories of Tracking Technologies:
Strictly Necessary Tracking Technologies – these Tracking Technologies are automatically placed on your computer or device when you access our Services. These Tracking Technologies are essential to enable you to navigate around and use the features of our Services. We do not need to obtain your consent in order to use these Tracking Technologies;
Functionality Tracking Technologies – these Tracking Technologies allow our Services to remember choices you make (such as your language) and provide enhanced and personalized features. For example, these Tracking Technologies are used for authentication (to remember when you are logged-in) and support other features of our Services;
Performance Tracking Technologies – these Tracking Technologies collect information about your online activity (for example the duration of your visit on our Services), including behavioral data and content engagement metrics. These Tracking Technologies are used for analytics, research and to perform statistics (based on aggregated information).
Marketing or Advertising Tracking Technologies – these Tracking Technologies are used to deliver tailored offers and advertisements to you, based on your derived interests, as well as to perform email marketing campaigns. They can also be used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by our advertisers (for example advertising networks) and provide them insights about the people who see and interact with their ads, visit their websites or use their app.
Social media Tracking Technologies – Our website includes social media features, such as the Facebook “Like” or “Share” buttons. These features are either hosted by a third party or hosted directly on our Services. Your interactions with these features are governed by the privacy statement of the company providing these features.
The following Tracking Technologies are used in connection with our Services. For additional information about any of the Third Party Tracking Technologies, please visit the links of those companies provided.