You should read this Notice before using the Website/Apps. If you use or register via the Website/Apps, or submit a query to us via the Website/Apps or other means, including telephone or mail, you accept this Notice. If you do not accept this Notice, please do not use the Website/Apps.
The Notice is integral part and applies together with the Website/Apps General Terms and Conditions (the «GT&C»). The terms not defined here shall have the same meanings as defined in the GT&C. Therefore you will need to read and understand the GT&C in addition to this Notice.
We are highly committed to preserving your privacy and delivering secure and legally compliant services. This Notice has the following sections:
Who controls the data?
The Company controls the processing of your Personal Data. This activity is supervised by the Austrian Data Protection Authority.
How can I send queries on personal data protection?
Please read first our FAQ section and this Notice. In all cases, you can send the queries related to this Notice in the following e-mail address [email protected]. Our teams and Data Protection Officer (DPO) shall address them with the due attention.
What kind of Personal Data does the Company process?
Depending on your activities and services chosen on the Website/Apps, We shall process all or part of the following data:
Guest user activity data (in Apps), that may include but are not limited to: device data, source and destination data, user number, gaming transactions, online payments number. These data are processed in anonymous mode;
Data provided by your during the creation of the account. They may include, but are not limited to: name, surname, email address, address, telephone number, date of birth, gender;
Website/Apps registered account activity data, that may include but are not limited to: device data, source and destination data, nickname, player ID, account username and password, gaming transactions, online payments data (debit/credit cards), data provided to customer services (including emails and phone calls);
Data that may be provided by government authorities or authorized third party companies in order for us to deliver the GT&C, fulfill the regulatory obligations and exercise our legal rights; and
Data collected via cookies when using the Website/Apps, including in log-out mode. For more information about cookies and how to manage them please see our Cookies Policy;
Data provided by third parties who’ve obtained in advance your permission to share the data with us for certain services e.g. social media or various mobile applications (where applicable);
For what purposes is the Personal Data processed?
We process your data for the following purposes:
- administer the Website/Apps, including setting up and operating your guest or registered account;
- ensure the accuracy of your data for the purposes of age verification, preventing fraud, cheating or money laundering, reducing business risks and protecting the integrity of our games. These activities may include a degree of semi-automatic profiling, based on your registration and gaming activity data;
- fulfil the Website/Apps GT&C;
- process online payments with third party payment providers and/or financial institutions;
- provide you with customer support, including (where applicable) telephone;
- comply with laws, regulatory obligations or respond requests from government authorities. These are mainly set in financial laws;
- protect our rights, including our related parties. In some cases we may believe that it is necessary, including in good faith, to record and disclose data to: (i) protect, enforce, or defend our legal rights, privacy, safety or property, (ii) protect your and public safety, privacy and security, or (iii) for business risk management;
- improve the security, services and features provided by the Website/Apps. This may include research, surveys, ask for your optional feedback, internal trainings and Affiliates services;
- complete potential merger or sale of assets. If we sells all or part of the business or assets, or are involved in a merger or transfer, we may disclose and transfer your data to the other party(s);
- further to your specific and optional consent, provide customized marketing communications fitting your interests and expectations. These are based on registration and gaming activity data; and
- further to your specific and optional consent provide direct marketing communications that are (i) of generic nature or (ii) partially based on your gaming journey and/or customized via: email, instant messages, and (where applicable) chats, SMS and telephone.
We shall inform you in case the data may be processed for other purposes and parties.
On what legal basis is the Personal Data processed?
The processing of data for the purposes of:
The above sections from (1) to (5) are necessary for the execution of the Website/Apps GT&C and therefore are mandatory;
The above section (6) is required by law and therefore it is also mandatory;
The above section (7) to (9) are based on our legitimate interest, and include business risk management and protection of our products integrity. They are adequately balanced with your interest since the data processing is performed within the limits strictly necessary for these activities. You can object this processing at any time as provided in this Notice;
The above sections (10) and (11) are optional. Without your consent we shall not provide generic and/or customized marketing communications.
What is the data retention period?
These periods and criteria will apply, unless a different period is required or permitted by law, or we have reasonable belief that it is necessary:
data collected for the purposes of the above sections from (1) to (9) is retained during the execution of the Website/Apps GT&C. Plus the retention periods set or allowed by specific laws, after the termination of the services;
data collected for the purpose of the above sections (10) and (11) is retained during the execution of the Website/Apps GT&C and/or until you have required their deletion.
In case of further queries you may contact us at the email address indicated in this Notice.
Security and privacy measures
We process the data with partially or fully automated electronic means and protect them with adequate security measures. The activities that may produce significant legal effects, such as decisions based on profiling, always involve a human intervention and/or final decision. We use appropriate legal, administrative, technical, personnel and physical measures to safeguard the data against loss, theft and unauthorized use, disclosure or modification.
Credit card payments are processed according to PCI DSS (Payment Card Industry Data Security Standards).
The Website/Apps may contain links to and from partner networks or third party websites/apps. If you follow a link to any of these websites/apps, note that they have their own privacy policies and terms. We do not accept any responsibility for their content. Please check such policies and terms before accepting and submitting any information to them.
Who can have access to the Personal Data?
The data can be processed by recipients located within or outside of the European Economic Area (EEA) in compliance with these limits:
our employees who are responsible for processing and safekeeping the data;
our parent company, some sister companies and third party providers to offer the GT&C services, e.g. for payments and marketing services or our legitimate interest. This may include employees, associates, agents, sub-contractors and product providers;
government authorities to comply with legal obligations. This may involve (if applicable) the reporting of fraudulent or criminal suspicion and responsible gambling cases to relevant authorities or other authorized third parties.
Third parties access to your data is limited only to the information necessary to perform their function on our behalf or as required by law. They shall be made subject to confidentiality and data protection obligations provided by law and as considered necessary by us.
You can contact us in case you need further information on the data processors.
Is Personal Data transferred abroad?
We shall not transfer your data outside the EEA unless the due safeguards are in place.
Some non-EEA countries are recognized by the European Commission (EC) as providing an adequate level of data protection. The list is available at: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
In case of data transfers to countries not considered adequate by the EC, We will put in place appropriate safeguards to protect the data and in compliance with the data protection laws, such as standard contractual clauses adopted by the EC as per the EU General Data Protection Regulation 2016/679 (the “Privacy Regulation”).
Your data may be processed outside of the EEA to deliver some of the Website/Apps services:
some data may be processed in the USA, depending on the payment provider chosen by you and activities undertaken by the payment provider.
You can contact us in case you need further information.
What are the Players’ rights on Personal Data?
You can at any time:
- obtain confirmation of the existence of personal data. This information is primarily provided in Your account;
- know the origin, purposes and method of data processing and the logic applied to electronic processing. This information is provided in this Notice and when you use the Website/Apps features.
- request to update, correct or integrate further relevant data. This is provided via the customer service;
- revoke at any time the data processing consent. It does not affect the lawfulness of the data processing based on the previously given consents. This is offered via specific tools e.g. opt-out or un-subscriptions;
- request to restrict the data processing where:
- You contests the accuracy of the data until we have taken sufficient steps to correct or verify the accuracy;
- The processing is unlawful but you do not want that we erase the data;
- We no longer need the data for the provided purposes, but you require them to establish, exercise or defend a legal claim; or
- You have objected the data processing justified by legitimate interests, pending verification if we have legitimate grounds to continue processing;
- object the data processing, including those based on our legitimate interest, and (where applicable) the decisions being taken by fully automated means. This request may result in the termination of the services provided to you;
- request the erasure of data without undue delay. This request may result in the termination of the services provided to you;
- receive an electronic copy of the provided data, if you like to port them to a different service provider. This is offered by the customer service; and
- lodge a complaint with the data protection authority.
Unless otherwise provided, these services are offered by sending a written request. They are free of charge however in certain circumstances, we may apply a reasonable fee and fully or partially refuse the request. We will do our best to accommodate your requests. However this may be limited to the extent applicable to the limited anonymous data processed by us. In addition sometimes other legal obligations or third party rights may take precedence.
Your requests shall be handled within one month of receipt. This may be extended by two further months based on the complexity and number of the requests.
This Notice is valid from the date indicated in its header. We could make further modifications due to business developments or legal and regulatory changes. You shall be notified in advance in case of significant changes.