Please see Section 7 for contact details of the Data Controllers.
2. INFORMATION WE COLLECT
There are two general categories of information we collect.
2.1. INFORMATION YOU GIVE US
When using any of the Website’s products you will be asked to provide us with true, updated and accurate personal information that will allow us to identify you. We ask for and collect the following personal information about you when you use the Website. This information is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with all the requested services.
We collect your name and surname, date of birth, place of residence, postal code and email address that you provide upon registration. This data is processed for the purpose of player identification. The legal basis for this processing is our legal obligation to comply with the relevant Gambling Legislation.
In some cases, we collect the ID document, proof of address, proof of payment, SOW, date of birth, address, email address and phone number that you provide us with. This data is processed for the purpose of player verification and KYC. The legal basis for this processing is our legal obligation to comply with anti-money laundering regulations.
When you use the payment services, we need to collect certain financial information, like your (encrypted) payment card information, your email, phone, address, date of birth, as it is necessary to comply with applicable law, such as anti-money laundering regulations, and to process payments. Without it, you will not be able to use payment services.
When you communicate with us, we collect your name, your email and any information about your communication. This data is processed for the purpose of providing you a support service and in order to maintain accurate records of the information that we have received from you, given our legitimate interest in improving the Website and our users’ experience with it, and for the adequate performance of the contract with you.
We may combine the information provided by you with other information about you which is available from publicly available sources which may be relevant to your use of the Website, for the purposes of verifying your identity to prevent and detect crime and money laundering.
2.2. INFO WE AUTOMATICALLY COLLECT FROM YOUR USE OF THE WEBSITE
When you use the Website and the payment service, we automatically collect information, including personal information, about the services you use and how you use them. This information is necessary for the adequate performance of the contract between you and us, to enable us to comply with legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the Website and in preventing fraud.
When you access or use the Website, we collect information such as your IP address, location, information about the device(s) and the browser you use, details of the web pages you have viewed; when you use the payment services, we collect information related to your payment transactions through the Website, including the payment instrument used, date and time, payment amount, payment instrument expiration date, email address, IBAN information, your address and other related transaction details. This information is necessary for the provision of the payment services, to comply with different countries’ applicable laws and regulations (such as anti-money laundering regulations) and for anti-fraud monitoring purposes.
3. HOW WE USE INFORMATION WE COLLECT
We use, store, and process information, including personal information, about you to provide, improve, and develop the Website, create and maintain a trusted and safer environment and comply with our legal obligations.
In particular, to:
- Enable you to access and use the Website (or other Websites operated by us), operating and managing your account.
- Operate, protect, improve, and optimize the Website and user experience.
- Provide you with personalised use of our Services so that we can offer you and other players a better service.
- Profile you so that we can better understand your preferences and which products and offers would be most suitable for you and customers similar to you.
- Provide customer service.
- Send you service or support messages, updates, security alerts, and account notifications.
We process this information given our legitimate interest in improving the Website and our users’ experience with it, and where it is necessary for the adequate performance of the contract with you.
- Detect and prevent fraud, spam, abuse, security incidents, and other harmful or illegal activity.
- Monitor your gambling patterns and identify possible responsible gambling concerns.
- Conduct security investigations and risk assessments.
- Conduct checks against databases and other information sources, including background or police checks, to the extent permitted by applicable laws and with your consent where required.
- Verify or authenticate information or identifications provided by you.
- Conduct KYC verification, to the extent permitted by applicable laws and with your consent where required.
- Comply with our legal obligations.
- Enforce our Terms of Services and other policies.
We process this information given our legitimate interest in protecting the Website, to measure the adequate performance of our contract with you, and to comply with applicable laws.
The Payments Data Controller uses the information collected to:
- Enable you to access and use the Payment Services.
- Investigate suspected unlawful, fraudulent or other improper activity connected with use of the Website and to report a crime or suspected crime, including money laundering or fraud.
- Conduct security investigations and risk assessments.
- Conduct checks against databases and other information sources.
- Comply with legal obligations.
with requests for information from the relevant Competent Authorities.
- Enforce our Terms of Services and other policies.
We may also use your data to:
- Contact you in relation to promotions, products or services that you may be interested in from time to time, but only where you have consented to receive such marketing communications.
- Carry out certain profiling of you and your activity on the Website in order to personalise, measure, and improve our marketing and to send you more relevant marketing communications.
In such cases we will process your personal information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you products or services that may be of interest to you. You can always opt out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications or changing your notification settings within your Account.
Our website incorporates privacy controls which affect how we will process your personal data. You can access the privacy controls via your Account settings.
4. SHARING AND DISCLOSURE
4.1. COMPLIANCE WITH LAW, RESPONDING TO LEGAL REQUESTS, PREVENTING HARM AND PROTECTION OF OUR RIGHTS.
We may disclose your information, including personal information, to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary: (i) to comply with our legal obligations, (ii) to comply with legal process and to respond to claims asserted against us, (iii) to respond to requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability, (iv) to enforce and administer our Terms of Service, or (v) to protect our and our employees’ rights, property or personal safety. We may access and share your information with regulators, law enforcement or others in response to a legal request, if we have a good-faith belief that the law requires us to do so. We can also respond to legal requests when we have a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction and is consistent with internationally recognised standards and/or we have a good-faith belief that it is necessary to: detect, prevent and address fraud, unauthorised use of the service, breaches of our Terms or Policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or service), you or others, including as part of investigations or regulatory enquiries.
The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights and proper protection of our business against risks.
Where appropriate, we may notify you about legal requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, or create or increase a risk of fraud upon us. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify you about the request after the fact where appropriate and where we determine in good faith that we are no longer prevented from doing so.
4.2. THIRD PARTIES SERVICE PROVIDERS
For example, service providers may help us: verify your identity or authenticate your identification documents, check information against public databases, conduct background or police checks, fraud prevention, and risk assessment, provide customer service, advertising, web traffic analysis or payments services. We may share some of your information with such third-party service providers in order to ensure the adequate performance of our contract with you, for our legitimate interest and to comply with our legal obligations. Also, we share your personal data (like your name, surname, date of birth, address, email address, phone number) with our service providers for KYC checks, fraud prevention or player protection; we share some of your personal information like your name, date of birth, email address, country with our gaming service providers for account management and fraud detection purposes; we may share data such as your name, gender, age, language, marital status, mobile number, revenue amount, email, registered date with our service providers for marketing campaigns. We may share your personal data (like name, username, email address, address, phone number) with service providers who assist us in enhancing your user experience and in offering you our service. We also share information about your use of our site with our trusted social media, advertising and analytics partners.
Third-party payment providers may also collect and process your data on their own in order to comply with their legal obligations. Such service providers have their own privacy policies in respect to the information we are required to provide them with for your transactions and they are separate controllers which bear the responsibility for your payment data. We recommend that you read their privacy policies, so that you can understand the manner in which your Personal Information will be handled by these providers.
You can always contact us to receive the full list of our service providers which process your data.
4.3. CORPORATE AFFILIATE
We may share your information, including personal information, with any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
4.4. AGGREGATED DATA
We may also share aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other anonymized information for regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.
4.5. BUSINESS TRANSFERS
5. PROTECTING YOUR INFORMATION
The security of personal data is important to us. We adhere to ISO 27001 for information security and have appropriate information policies, standards and technologies in place to ensure the security of our website and services and to protect your personal data from the point of collection to the point of destruction (including but not limited to encryption of personal data, data masking, administrative and technical access controls, security policy, etc.).
We have adopted the principle of privacy by design and will ensure that the definition and planning of all new or significantly changed systems that collect or process personal data will be subject to due consideration of privacy issues.
6. DATA SUBJECT RIGHTS
Under the General Data Protection Regulation, you have the right to access, rectify, port and delete some of your data. You also have the right to object to and restrict certain processing of your data. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs.
You may exercise any of the rights described in this section before your Data Controller and Payments Data Controller by sending an email to [email protected]. Please note that we may ask you to verify your identity before taking further action on your request.
Please be aware that whilst we will try to accommodate any request you make in respect of your rights they are not absolute rights. This means that we may have to refuse your request or may only be able to comply with it in part.
6.1. MANAGING YOUR INFORMATION
You may access and update some of your information through your Account settings. You are responsible for keeping your personal information up-to-date.
6.2. RECTIFICATION OF INACCURATE OR INCOMPLETE INFORMATION
You have the right to ask us to correct inaccurate or incomplete personal information concerning you (and which you cannot update yourself within your Account).
6.3. DATA ACCESS AND PORTABILITY
You have the right to access your personal data held by us and a right to receive certain personal data in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
6.4. DATA RETENTION AND ERASURE
We will retain your personal data for the period necessary to perform the contract between you and us and to comply with applicable regulations and standards relating to gambling and gaming, anti-money laundering, taxation, payment processing and complaint handling, the need to prevent or detect crime or other misuse of our services and audit requirements as well as for marketing purposes. Accordingly, the Data Controller and/or the Payments Data Controller shall maintain your personal data for up to 7 years following the last data record related to you. Where it is no longer necessary to process your personal data, it will be deleted or anonymised. Please note, however, that we may be subject to legal and regulatory requirements to keep personal data for a longer period.
You have the right to have certain personal data erased or anonymised where it is no longer necessary for us to process it, where you have withdrawn your consent pursuant to paragraph 5.5, where you have objected pursuant to paragraph 5.6, where your personal data has been unlawfully processed, or where erasing your personal data is required in accordance with a legal obligation.
Please note that if you request the erasure of your personal information:
a. We can retain and use your personal information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, anti-money laundering reporting and auditing obligations.
b. We can retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety.
c. Information that we receive about you (including financial transaction data) can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation or investigations of possible breaches of our Terms or Policies, or otherwise to prevent harm.
d. In order to protect information from accidental or malicious destruction, when we delete/anonymise information from our system, we may not immediately delete/anonymise residual copies from our servers or remove information from our backup systems. If deletion/anonymisation is not possible (because the data has been stored in backup archives) then we will securely store, isolate, and safeguard your information from any further use until deletion/anonymisation is possible.
6.5. WITHDRAWING CONSENT AND RESTRICTION OF PROCESSING
Where we have specifically requested your consent to process your personal data and have no other lawful conditions to rely on, you have the right to withdraw this consent at any time by changing your Account settings or by sending a communication to [email protected] specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.
Additionally, applicable law may give you the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing pursuant to the next section and pending the verification whether the legitimate grounds of the Data Controller override your own.
6.6. OBJECTION TO PROCESSING
You have the right to object to processing where the lawful basis is that it is in our legitimate interests, but please note that we may still process your personal data where there are other relevant lawful bases or where we have compelling grounds to continue processing your personal data in our interests which are not overridden by your rights, interests or freedoms.
You also have the right to object to direct marketing, which can be done by opting-out of direct marketing either via your Account settings or by opting out via the communication itself. You also have a right to object to any profiling to the extent that it relates to direct marketing only.
6.7. LODGING COMPLAINTS
You have the right to lodge complaints about the data processing activities carried out by the Data Controller and the Payment Data Controller before the competent data protection authorities. Please refer to Section 7 for further information.
7. OVERSEAS TRANSFER OF YOUR INFORMATION
For example, we might share your account data with our companies in Curacao and in China. Such sharing is necessary for us given our legitimate interest in conducting the operations and to fulfil the contract you have entered into with us.
Where this means personal information is transferred outside the EEA, unless the country has been held to offer an adequate level of protection for Personal Data by the European Commission, we have to put in place additional legal protections on top of our standard checks and measures, to ensure it receives the same level of protection as it would within Europe. We do this by using standardised contractual clauses (sometimes called ‘the EU Model Clauses’) approved by the European Commission and European privacy regulators, although there are alternative approved legal mechanisms that ensure protection of your data to the standard required within the EEA which we can decide to use instead.
You can always contact us to receive the full list of our service providers outside of the EEA which process your data.
8. CONTACT US
If you have questions about this Policy or our information handling practices, or if you are seeking to exercise any of your rights under the General Data Protection Regulation, please contact our Data Protection Officer at: [email protected].
The Data Controller responsible for your information is GoldWin Limited, reg no. C79820, which you can contact online through our website “Contact Us” form or by post at:
527, St. Paul’s Street, St. Paul’s Bay, Malta.
9. FILING A COMPLAINT
If you are not satisfied with how we manage your personal data, you also have the right to lodge a complaint with your local Data Protection Authority.