Under the General Data Protection Regulation, you have the right to access, rectify, port and delete some of your data. You also have the right to object to and restrict certain processing of your data. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs.
You may exercise any of the rights described in this section before your Data Controller and Payments Data Controller by sending an email to [email protected]. Please note that we may ask you to verify your identity before taking further action on your request.
Please be aware that whilst we will try to accommodate any request you make in respect of your rights; they are not absolute rights. This means that we may have to refuse your request or may only be able to comply with it in part.
- Managing your information
You may access and update some of your information through your Account settings. You are responsible for keeping your personal information up to date.
- Rectification of inaccurate or incomplete information
You have the right to ask us to correct inaccurate or incomplete personal information concerning you (and which you cannot update yourself within your Account).
- Data access and portability
- You have the right to access your personal data held by us and a right to receive certain personal data in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
- We will provide a copy of your personal data undergoing processing free of charge. For any further copies requested, we may charge a reasonable fee based on administrative costs.
- Data retention and erasure
- We will retain your personal data for the period necessary to perform the contract between you and us and to comply with applicable regulations and standards relating to gambling and gaming, anti-money laundering, taxation, payment processing and complaint handling, the need to prevent or detect crime or other misuse of our services and audit requirements as well as for marketing purposes. Accordingly, the Data Controller and/or the Payments Data Controller shall maintain your personal data for up to 7 years following the last data record related to you. Where it is no longer necessary to process your personal data, it will be deleted or anonymised. Please note, however, that we may be subject to legal and regulatory requirements to keep personal data for a longer period.
- You have the right to have certain personal data erased or anonymised where it is no longer necessary for us to process it, where you have withdrawn your consent pursuant to paragraph 5.5, where you have objected pursuant to paragraph 5.6, where your personal data has been unlawfully processed, or where erasing your personal data is required in accordance with a legal obligation.
- Please note that if you request the erasure of your personal information:
- We can retain and use your personal information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, anti-money laundering reporting and auditing obligations.
- We can retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety.
- Information that we receive about you (including financial transaction data) can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation or investigations of possible breaches of our Terms or Policies, or otherwise to prevent harm.
- In order to protect information from accidental or malicious destruction, when we delete/ anonymise information from our system, we may not immediately delete/anonymise residual copies from our servers or remove information from our backup systems. If deletion/anonymisation is not possible (because the data has been stored in backup archives) then we will securely store, isolate, and safeguard your information from any further use until deletion/anonymisation can be possible.
- Withdrawing consent and restriction of processing
- Where we have specifically requested your consent to process your personal data and have no other lawful conditions to rely on, you have the right to withdraw this consent at any time by changing your Account settings or by sending a communication to [email protected] specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.
- Additionally, applicable law may give you the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defense of legal claims; or (iv) you have objected to the processing pursuant to next section and pending the verification whether the legitimate grounds of the Data Controller override your own.
- Objection to processing
- You have the right to object to processing where lawful basis is that it is in our legitimate interests, but please note that we may still process your personal data where there are other relevant lawful bases or where we have compelling grounds to continue processing your personal data in our interests which are not overridden by your rights, interests or freedoms;
- You also have the right to object to direct marketing, which can be done by opting-out of direct marketing either via your Account settings or by opting out via the communication itself. You also have a right to object to any profiling to the extent that it relates to direct marketing only.
- Lodging complaints
You have the right to lodge complaints about the data processing activities carried out by the Data Controller and the Payment Data Controller before the competent data protection authorities. Please refer to Section 7 for further information.