PRIVACY POLICY
1. INTRODUCTION
By using and/or visiting any section of the website www.westcasino.com (the "Website"); or by opening an account on the Website you agree to be bound by the Privacy Policy.
This
Privacy Policy describes how we collect, use, process, and disclose your
information, including personal information, in conjunction with your access to
and use of this Website.
The “Data Controller” is the company that determines the purposes and means of the processing of personal data under this Privacy Policy. GoldWin Limited acts in its capacity of data controller in terms of the EU Regulation 2016/679, determining the purposes and means of the processing of your personal data.
For the
purpose of this policy, the use of “we,” “us,” or “our,” refers to the company
that is responsible for your information under this Privacy Policy.
Please see Section 7 for contact details of the Data
Controllers.
2. INFORMATION WE COLLECT
There are two general categories of information we collect.
2.1. INFORMATION YOU GIVE US
When using any of the Website’s products you will
be asked to provide us with true, updated and accurate personal information
that will allow us to identify you. We ask for and collect the following
personal information about you when you use the Website. This information is
necessary for the adequate performance of the contract between you and us and
to allow us to comply with our legal obligations. Without it, we may not be
able to provide you with all the requested services.
We collect your name and surname, date of birth, place of
residence, postal code and email address that you provide upon registration. This
data is processed for the purpose of player identification. The legal basis for
this processing is our legal obligation to comply with the relevant Gambling
Legislation.
In some cases, we collect your ID document, proof of your address,
proof of payment, SOW, date of birth, address, email address, phone number, you provide us with. This data is
processed for the purpose of player verification and KYC. The legal basis for this processing is our legal obligation to
comply with anti-money laundry regulations.
When you use the payment services,
we need to collect certain financial information, like your (encrypted)
payment card information, your email, phone, address, date of birth, as it is
necessary to comply with applicable law, such as anti-money laundering
regulations, and to process payments. Without it, you will not be able to use
payment services.
When you communicate with us, we collect your name, your email and
any information about your communication. This data is processed for the
purpose of providing you a support service and in order to maintain accurate
records of the information that we have received from you, given our legitimate
interest in improving the Website and our users’ experience with it, and for
the adequate performance of the contract with you.
We
may combine the information provided by you with other information about you
which is available from publicly available sources which may be relevant to
your use of the Website, for the purposes of verifying your identity to prevent
and detect crime and money laundering.
2.2. INFO WE AUTOMATICALLY COLLECT FROM YOUR USE OF THE WEBSITE
When you use the Website and the payment service, we automatically
collect information, including personal information, about the services you use
and how you use them. This information is necessary for the adequate
performance of the contract between you and us, to enable us to comply with
legal obligations and given our legitimate interest in being able to provide
and improve the functionalities of the Website and in preventing fraud.
When you access or use the Website, we collect information such as
your IP address, location, information about the device(s) and the browser you
use, details of the web pages you have viewed; when you use the payment services,
we collect information related to
your payment transactions through the Website, including the payment instrument
used, date and time, payment amount, payment instrument expiration date, email
address, IBAN information, your address and other related transaction details. This
information is necessary for the provision of the payment services, to comply
with different countries’ applicable laws and regulations (such as anti-money
laundering regulations) and for anti-fraud monitoring purposes.
We use cookies and other tools (such as web analytic tools and pixel tags) for the purposes described above and also to analyse traffic to the site and customise content and advertising. For more information, please read our Cookie Policy . We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website.
3. HOW WE USE INFORMATION WE COLLECT
We use, store, and process information, including personal information, about you to provide, improve, and develop the Website, create and maintain a trusted and safer environment and comply with our legal obligations.
In particular, to:
- Enable you to access and use the Website (or other Websites operated by us), operating and managing your account.
- Operate, protect, improve, and optimize the Website and user experience.
- Provide you with personalised use of our Services so that we can offer you and other players a better service.
- Profile you so that we can better understand your preferences and which products and offers would be most suitable for you and customers similar to you.
- Provide customer service.
- Send you service or support messages, updates, security alerts, and account notifications.
We process this information given our legitimate interest in improving the Website and our users’ experience with it, and where it is necessary for the adequate performance of the contract with you.
- Detect and prevent fraud, spam, abuse, security incidents, and other or illegal harmful activity.
- Monitor your gambling patterns and to identify possible responsible gambling concerns.
- Conduct security investigations and risk assessments.
- Conduct checks against databases and other information sources, including background or police checks, to the extent permitted by applicable laws and with your consent where required.
- Verify or authenticate information or identifications provided by you.
- Conduct KYC verification, to the extent permitted by applicable laws and with your consent where required.
- Comply with our legal obligations.
- Enforce our Terms of Services and other policies.
We process this information given our legitimate interest in protecting the Website, to measure the adequate performance of our contract with you, and to comply with applicable laws.
The Payments Data Controller uses the information collected to:
- Enable you to access and use the Payment Services.
- Investigate suspected unlawful, fraudulent or other improper activity connected with use of the Website and to report a crime or suspected crime, including money laundering or fraud.
- Conduct security investigations and risk assessments.
- Conduct checks against databases and other information sources.
- Comply with legal obligations.
- Comply
with requests for information from the relevant Competent Authorities.
- Enforce our Terms of Services and other policies.
We may use your data also to:
- Contact you in relation to promotions, products or services that you may be interested in from time to time, but only where you have consented to receive such marketing communications.
- Carry out certain profiling of you and your activity on the Website in order to personalise, measure, and improve our marketing and to send you more relevant marketing communications.
In such cases we will process your personal information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you products or services that may be of your interest. You can always opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications or changing your notification settings within your Account.
Our website incorporates privacy controls which affect how we will process your personal data. You can access the privacy controls via your Account settings.
4. SHARING AND DISCLOSURE
4.1. COMPLIANCE WITH LAW, RESPONDING TO LEGAL REQUESTS, PREVENTING HARM AND PROTECTION OF OUR RIGHTS.
We may disclose your information, including personal information, to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary: (i) to comply with our legal obligations, (ii) to comply with legal process and to respond to claims asserted against us, (iii) to respond to requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability, (iv) to enforce and administer our Terms of Service, or (v) to protect our and our employees’ rights, property or personal safety. We may access and share your information with regulators, law enforcement or others in response to a legal request, if we have a good-faith belief that the law requires us to do so. We can also respond to legal requests when we have a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction and is consistent with internationally recognised standards and/or we have a good-faith belief that it is necessary to: detect, prevent and address fraud, unauthorised use of the service, breaches of our Terms or Policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or service), you or others, including as part of investigations or regulatory enquiries.
The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights and proper protection of our business against risks.
Where appropriate, we may notify you about legal requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, or create or increase a risk of fraud upon us. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify you about the request after the fact where appropriate and where we determine in good faith that we are no longer prevented from doing so.
4.2. THIRD PARTIES SERVICE PROVIDERS
We use a variety of third-party service
providers to help us provide services related to the Website and the payment services.
Service providers may be located or carry out their activity inside or outside
of the European Economic Area (“EEA”). These providers
have limited access to your information and are contractually bound to protect
and to use it on our behalf only for the purposes for which it was disclosed
and consistent with this Privacy Policy.
For example, service providers may help us:
verify your identity or authenticate your identification documents, check
information against public databases, conduct background or police checks,
fraud prevention, and risk assessment, provide customer service, advertising, web
traffic analysis or payments services. We may share some of your
information with such third parties service providers in
order to ensure the adequate performance of our contract with you, for our
legitimate interest and to comply with our legal obligations. Also, we share your
personal data (like your name, surname, date of birth, address, email address,
phone number) with our service providers for KYC checks, fraud prevention or player
protection; we share some of your personal information like your name, date of
birth, email address, country with our gaming service providers for account
management and fraud detection purposes; we may share data such as your name, gender,
age, language, marital status, mobile number, revenue amount, email, registered
date with our service providers for marketing campaigns. We may share your
personal data (like name, username, email address, address, phone number) with
service providers who assist us in enhancing your user experience and in
offering you our service. We also share information about your use of our site
with our trusted social media, advertising and analytics partners.
Third-party payment providers may also collect and process your
data on their own in order to comply with their legal obligations. Such service
providers have their own privacy policies in respect to the information we are
required to provide them with for your transactions and they are separate
controllers which bear the responsibility for your payment data. We recommend
that you read their privacy policies, so that you can understand the manner in
which your Personal Information will be handled by these providers.
You can always contact us to receive the full
list of our service providers which process your data.
4.3. CORPORATE AFFILIATE
We may share your information, including personal information, to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
4.4. AGGREGATED DATA
We may also share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other anonymized information for regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.
4.5. BUSINESS TRANSFERS
If we undertake or are involved in any merger, acquisition, reorganization, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer or share some or all of our assets, including your information in connection with such transaction or in contemplation of such transaction (e.g., due diligence). In this event, we will notify you before your personal information is transferred and becomes subject to a different privacy policy.
5. PROTECTING YOUR INFORMATION
The security of
personal data is important to us. We adhere to ISO 27001 for information
security and have appropriate information policies, standards and technologies
in place ensuring the security of our website and services and to protect your
personal data from the point of collection
to the point of destruction
(including but not limited to encryption of personal data, data masking,
administrative and technical access controls, security policy, etc.).
We have adopted the principle of privacy by design and will ensure that the definition and planning of all new or significantly changed systems that collect or process personal data will be subject to due consideration of privacy issues.
6. DATA SUBJECT RIGHTS
Under the General Data Protection Regulation, you have
the right to access, rectify, port and delete some of your data. You also have
the right to object to and restrict certain processing of your data. This is a
case-by-case determination that depends on things such as the nature of the
data, why it is collected and processed, and relevant legal or operational retention
needs.
You may exercise any of the rights described in this
section before your Data Controller and Payments Data Controller by sending an
email to [email protected]. Please note that we may ask you to verify your
identity before taking further action on your request.
Please be aware that whilst we will try to accommodate
any request you make in respect of your rights they are not absolute
rights. This means that we may have to
refuse your request or may only be able to comply with it in part.
6.1. MANAGING YOUR INFORMATION
You may access and update some of your information through your Account settings. You are responsible for keeping your personal information up-to-date.
6.2. RECTIFICATION OF INACCURATE OR INCOMPLETE INFORMATION
You have the right to ask us to correct inaccurate or incomplete personal information concerning you (and which you cannot update yourself within your Account).
6.3. DATA ACCESS AND PORTABILITY
You have the right to access your personal data held by us and a right to receive certain personal data in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
We will provide a copy of your personal data
undergoing processing free of charge. For any further copies requested, we may
charge a reasonable fee based on administrative costs.
6.4. DATA RETENTION AND ERASURE
We will retain your personal data for the period
necessary to perform the contract between you and us and to comply with applicable
regulations and standards relating to gambling and gaming, anti-money
laundering, taxation, payment processing and complaint handling, the need to
prevent or detect crime or other misuse of our services and audit requirements
as well as for marketing purposes. Accordingly, the Data Controller and/or the
Payments Data Controller shall maintain your personal data for up to 7 years
following the last data record related to you. Where it is no longer necessary
to process your personal data, it will be deleted or anonymised. Please note,
however, that we may be subject to legal and regulatory requirements to keep
personal data for a longer period.
You have the right to have certain personal
data erased or anonymised where it is no longer necessary for us to process it,
where you have withdrawn your consent pursuant to paragraph 5.5, where you have
objected pursuant to paragraph 5.6, where your personal data has been
unlawfully processed, or where erasing your personal data is required in
accordance with a legal obligation.
Please note that if you request the erasure
of your personal information:
a. We can retain and use your personal
information to the extent necessary to comply with our legal obligations. For
example, we may keep some of your information for tax, anti-money laundering
reporting and auditing obligations.
b. We can retain some of your personal
information as necessary for our legitimate business interests, such as fraud
detection and prevention and enhancing safety.
c. Information that we receive about you (including
financial transaction data) can be accessed and preserved for an extended
period when it is the subject of a legal request or obligation, governmental
investigation or investigations of possible breaches of our Terms or Policies,
or otherwise to prevent harm.
d. In order to protect information from accidental or
malicious destruction, when we delete/ anonymise information from our system,
we may not immediately delete/anonymise residual copies from our servers or
remove information from our backup systems. If deletion/anonymisation is not possible
(because the data has been stored in backup archives) then we will securely
store, isolate, and safeguard your information from any further use until
deletion/anonymisation can be possible.
6.5. WITHDRAWING CONSENT AND RESTRICTION OF PROCESSING
Where we have specifically requested your consent to process your personal data and have no other lawful conditions to rely on, you have the right to withdraw this consent at any time by changing your Account settings or by sending a communication to [email protected] specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.
Additionally, applicable law may give you the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing pursuant to next section and pending the verification whether the legitimate grounds of the Data Controller override your own.
6.6. OBJECTION TO PROCESSING
You have the right to object to processing where lawful basis is that it is in our legitimate interests, but please note that we may still process your personal data where there are other relevant lawful bases or where we have compelling grounds to continue processing your personal data in our interests which are not overridden by your rights, interests or freedoms;
You also have the right to object to direct marketing, which can be done by opting-out of direct marketing either via your Account settings or by opting out via the communication itself. You also have a right to object to any profiling to the extent that it relates to direct marketing only.
6.7. LODGING COMPLAINTS
You have the right to lodge complaints about the data processing activities carried out by the Data Controller and the Payment Data Controller before the competent data protection authorities. Please refer to Section 7 for further information.
7. OVERSEAS TRANSFER OF YOUR INFORMATION
To facilitate our global operations and for the purposes described in this Privacy Policy we may transfer, store, and process your information within our group of companies or share it with our service providers based outside the European Economic Area (EEA), which is made up of the EU Member states plus certain countries considered to offer a standard of data protection equivalent to that of Europe.
For example, we might share your
account data with our companies in Curacao and in China. Such sharing is
necessary for us given our legitimate interest in conducting
the operations and to fulfil the
contract you have entered into with us.
Where this means personal information is transferred outside the EEA, unless the country has been held to offer an adequate level of protection for Personal Data by the European Commission we have to put in place additional legal protections on top of our standard checks and measures, to ensure it receives the same level of protection as it would within Europe. We do this by using standardised contractual clauses (sometimes called ‘the EU Model Clauses’) approved by the European Commission and European privacy regulators, although there are alternative approved legal mechanisms that ensures a protection of your data to the standard required within the EEA which we can decide to use instead.
8. CONTACT US
If you have questions about this Policy or our information handling practices, or if you are seeking to exercise any of your rights under the General Data Protection Regulation, please contact our Data Protection Officer at: [email protected].
The Data Controller responsible for your information is GoldWin Limited, reg no. C79820, which you can contact online through our website “Contact Us” form” or by post at:
527, ST.Paul’s Street, ST.Paul’s Bay, Malta.
9. FILLING A COMPLAINT
If you are not satisfied with how we manage your personal data, you also have the right to lodge a complaint with your local Data Protection Authority.