Last updated 31.12.2020
Our data protection officer and UK Representative
The Company has appointed a Data Protection Officer (‘DPO’) who is responsible for matters relating to privacy and data protection. The Company’s DPO can be reached by sending an email at [email protected].
The Company has appointed a representative in the United Kingdom (‘UK representative’), who can be addressed in addition to or instead of the Company on all issues related to processing. UK representative details: Ametros Group Ltd, Lakeside Offices, Thorn Business Park Hereford, Herefordshire, HR2 6JT England.
What is personal data?
Personal data is any information relating to an identified or identifiable natural living person, otherwise known as a ‘data subject’. A data subject is an individual who can be identified, directly or indirectly, by information such as name, identification number, location data, online identifier, or other data relating to their physical, physiological, genetic, mental, economic, cultural, or social identity. These categories of identifying information are known as ‘personal data’. Personal data excludes any data which has been rendered anonymous in such a manner that the data subject is no longer identifiable (anonymous data).
Special category data is data on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person's sex life or sexual orientation. The Company will only process special category data (sensitive data) under strict conditions and with an appropriate legal basis.
Data protection principles
The Company is committed towards compliance. If we need to collect, store or otherwise use your personal data, we will abide by the following data protection principles:
- Lawfulness, fairness and transparency: the processing of personal data shall take place in a lawful, fair and transparent manner;
- Purpose Limitation: the collection of personal data shall only be performed for specified, explicit and legitimate purposes and shall not be further processed in a manner that is incompatible with those purposes;
- Data Minimisation: the collection of personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed;
- Accuracy: the personal data shall be accurate and where necessary, kept up to date. Every reasonable step shall be taken to ensure that personal data that are inaccurate having regard to the purposes for which they are processed, are erased or rectified without delay;
- Storage Limitation: personal data shall be kept in a form which permits identification of the data subject for no longer than it is necessary for the purpose for which the personal data are processed;
- Integrity and Confidentiality: personal data shall be kept confidential and stored in a manner that ensures appropriate security. Personal data shall not be shared with third parties except when necessary and with a justifiable legal basis.
The personal data we collect
We collect and process personal data relating to you in connection with your use of this website and our relationship with you. This personal data may include:
- Information you provide us with when registering on our website, including but not limited to: first and last name, date of birth, gender, home or other physical address, email address, phone number, other information included on the documents you have provided us with;
- Information about your use of our website, including but not limited to information about when, how and where you use the Website;
- Details of transactions you carry out via our website or in connection with your usage of our website, including but not limited to information about your game and betting history, including participation in any tournaments, promotions, information about your deposit, withdrawals, bank account and card details;
- Information you provide us within any correspondence between you and us as data controllers;
- Any other information, that is required by law including, but not limited to information about your source of wealth and your source of funds;
- Information about your betting history, patterns and preferences;
- Information about any possible criminal or money-laundering activity which our system detects;
- Any other personal information you provide us with in connection to the usage of the website.
You are not obliged to provide us with your personal data, but a failure to do so will result in us not being able to provide you with the requested services.
Be aware that we may automatically collect certain data and receive personal data about you where you provide such information through the services or other communications and interactions on the website.
The purposes of the processing and legal basis for processing
All information provided to the Company will be solely used as may be necessary to provide you with the required service. We only process your personal data where we have a lawful basis for doing so:
- Where we are required to do so in accordance with legal or regulatory obligations (including, but not limited to for the registration process, verification of the accuracy of the personal data, to monitor the gambling patterns and to identify possible responsible gambling concerns, to monitor and prevent money-laundering and other criminal offences or fraudulent behaviour);
- To perform our obligations arising out of the contract we have with you i.e. to enable you the usage of our Website, to provide you customer support, to undertake any necessary security and identity verification checks, to process any of your online transactions, to enable you participation tournaments, and for all other actions taken by us to guarantee you efficient usage of the Service;
- Where you have given your consent (including, but not limited to, sending you offers and promotions and provide you with information regarding our products and services);
- In some cases, we may use your personal data where it is in our legitimate interests (including but not limited to preparing statistics, analytical reports, to monitor your gambling activity to offer you a better service), except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
Disclosing your personal data
- To provide our products and services, we may share your information with companies within the Group of Companies STS.Bet limited belongs to, but also third parties who are engaged in providing the services you have chosen like: platform providers, payment providers, casino game providers;
- Any third parties who we engage to provide services to us, including but not limited to auditors, professional advisors, financial consultants, identity verification agencies, risk and fraud agencies, communication services and legal authorities etc;
- Any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, sale of assets, or similar transaction in which information is required to be transferred to one or more third parties as part of such transaction;
- Any law enforcement body which may have any reasonable requirement to access your personal data for the purposes of the prevention, investigation or detection of crime;
- Any regulatory body or authorised entity where required or permitted by law, which may have any reasonable requirement to access your personal data.
All our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. Moreover, we only permit them to process your personal data for specified purposes and in accordance with our legally binding agreements.
The personal data that we process for the above mentioned purposes shall not be kept for longer than is necessary. We retain your personal data for as long as we need it to comply with our obligations under applicable law, to enforce our agreements and, if relevant, for the establishment, exercise and defence of legal claims.
We will actively review the personal data we handle, process and store, and will delete or anonymise it in a secure manner when there is no longer a legal, business or customer need for it to be retained.
In those cases where it is not possible for us to specify in advance the periods for which your personal data will be retained, we will base our determination on the following criteria:
- the purpose(s) was for which your personal data was collected;
- whether there are any statutory obligations, obliging us to continue to process your information;
- whether we have a legal basis in place to continue to process your information, including but not limited to consent;
- the value attached to your information;
- whether there are any industry practices stipulating how long information should be retained;
- the risk, cost and liability attached to such retention; and
- any other relevant circumstances.
We take appropriate security measures to protect against loss, misuse and unauthorised access, alteration, disclosure, or destruction of your information. The Company has taken steps to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services processing personal information, and will restore the availability and access to information in a timely manner in the event of a physical or technical incident.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or organisational safeguards.
All our staff who process personal data are provided with regular training on information security practices.
We have put in place procedures to deal with any suspected personal data security breach and will notify regulator of a suspected breach where we are legally required to do so. In certain cases, we will also inform you, as the data subject, of the occurrence of the breach and the steps you need to take to safeguard your rights.
If you believe your personal data has been compromised, please contact the Company’s DPO by email at [email protected]
Data Subject Rights
As a data subject you have certain rights in relation to your personal data including:
- Right of access – you have the right to ask us for copies of your personal data that is being processed. There are some restrictions which means you may not always receive all the information we process;
- Right to Erasure – you have the right to ask us to delete your personal data in certain circumstances. This is not an absolute right and shall depend on our established retention periods;
- Right to Object – you have a right to object and request that we cease the processing of your personal data where we rely on our, or a third party’s legitimate interests for processing your personal data or a task carried out in the public interest;
- Right to Portability – you may request that we provide you with certain personal data which you have provided to us in a structured, commonly used and machine-readable format. Where technically feasible, you may also request that we transmit such personal data to a third-party controller indicated by you;
- Right to Rectification – you have the right to update or correct any inaccurate personal data which we hold about you;
- Right to Restriction – you have the right to request that we stop using your personal data in certain circumstances including if you believe that we are unlawfully processing your personal data or the personal data that we hold about you is inaccurate;
- Right to withdraw your consent – where our processing is based on your consent, you have the right to withdraw your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent;
- Right to be informed of the source – where the personal data we hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates; and
- Right to lodge a complaint with a supervisory authority - you may contact our DPO (contact details provided above) should you require any clarification or need to discuss matters relating to the processing of your personal data. However, in case you are not satisfied with the outcome, as a data subject, you also have a right to lodge a complaint with the Information and Data Protection Commissioner, either online https://www.reportbreachidpc.com/Complaint/, or via the submission of a report by conventional mail to Information and Data Protection Commissioner, Floor 2, Airways House, High Street, Sliema, SLM 1549, Malta or by email at [email protected] Also, you may seek to enforce your rights through judicial remedy.
Your rights in relation to your personal data are not absolute. If you intend to exercise one or more of your rights, please send your request to [email protected].
No fees are applicable when exercising your rights. Moreover, you will be provided with a response without undue delay, and in any event within one month from which starts running as soon as your identity is verified.
Following your request to exercise your rights, the Company may need to request specific information from you to help verify your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Automated decision-making and profiling
We may use automated decision-making in order to fulfil obligations imposed by law to which we are subject. By way of example, to fulfil our obligations in relation to fraud, tax evasion, suspicious betting pattern reporting, providing alerts for responsible gaming amongst others.
We may also use automated decision-making in the limited instances when this is necessary for entering into, or the performance of, a contract entered between us and the data subject. Decisions on the basis of profiling are not taken automatically without human intervention. Moreover, the process is based on our interest regarding providing customised, quality experience for the players and reward loyalty of the players. You have the right to object to the processing of your personal data for automated purposes at any time by contacting us via [email protected].
We may use your personal data for the purposes of automated decision-making when displaying marketing material and personalised advertisements based on your preferences or interests. For instance, we may show you adverts for certain games or VIP/Loyalty program offers depending upon your activity. When such processing takes place, we will request your specific and explicit consent and will always provide you with the option to opt out.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Your responsibility to inform us of changes
It is important that the personal data we hold about you is accurate and current. You need to keep us informed if your personal information changes, for example, a change of surname, signature, address, and/or identity card number.
Links to other websites