Last updated: 15/09/2021
Our data protection officer and UK Representative
The Company has appointed a Data Protection Officer (‘DPO’) who is responsible for matters relating to privacy and data protection. The Company’s DPO can be reached by sending an email at firstname.lastname@example.org
The Company has appointed a representative in the United Kingdom (‘UK representative’), who can be addressed in addition to or instead of the Company on all issues related to processing. UK representative details: Ametros Group Ltd, Lakeside Offices, Thorn Business Park Hereford, Herefordshire, HR2 6JT England.
What is personal data?
Personal data is any information relating to an identified or identifiable natural living person, otherwise known as a ‘data subject’. A data subject is an individual who can be identified, directly or indirectly, by information such as name, identification number, location data, online identifier, or other data relating to their physical, physiological, genetic, mental, economic, cultural, or social identity. These categories of identifying information are known as ‘personal data’. Personal data excludes any data which has been rendered anonymous in such a manner that the data subject is no longer identifiable (anonymous data).
Special category data is data on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person's sex life or sexual orientation. The Company will only process special category data (sensitive data) under strict conditions and with an appropriate legal basis.
Data protection principles
The Company is committed towards compliance. If we need to collect, store or otherwise use your personal data, we will abide by the following data protection principles:
- Lawfulness, fairness and transparency: the processing of personal data shall take place in a lawful, fair and transparent manner;
- Purpose Limitation: the collection of personal data shall only be performed for specified, explicit and legitimate purposes and shall not be further processed in a manner that is incompatible with those purposes;
- Data Minimisation: the collection of personal data shall be adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed;
- Accuracy: the personal data shall be accurate and where necessary, kept up to date. Every reasonable step shall be taken to ensure that personal data that are inaccurate having regard to the purposes for which they are processed, are erased or rectified without delay;
- Storage Limitation: personal data shall be kept in a form which permits identification of the data subject for no longer than it is necessary for the purpose for which the personal data are processed;
- Integrity and Confidentiality: personal data shall be kept confidential and stored in a manner that ensures appropriate security. Personal data shall not be shared with third parties except when necessary and with a justifiable legal basis.
The personal data we collect
We collect and process personal data relating to you in connection with your use of this website and our relationship with you. This personal data may include:
- Information you provide us with when registering on our website, including but not limited to: first and last name, date of birth, gender, home or other physical address, email address, phone number, other information included on the documents you have provided us with
- information required to complete Know your customer (KYC) checks;
- information required to meet Safer Gambling regulations;
- Information about your use of our website, including but not limited to information about when, how and where you use the Website;
- Details of transactions you carry out via our website or in connection with your usage of our website, including but not limited to information about your game and betting history, including participation in any tournaments, promotions, information about your deposit, withdrawals, bank account and card details;
- Information you provide us within any correspondence between you and us as data controllers;
- Any other information, that is required by law including, but not limited to information about your source of wealth and your source of funds;
- Information about your betting history, patterns and preferences;
- Information about any possible criminal or money-laundering activity which our system detects;
- Any other personal information you provide us with in connection to the usage of the website.
You are not obliged to provide us with your personal data, but a failure to do so will result in us not being able to provide you with the requested services.
Be aware that we may automatically collect certain data and receive personal data about you where you provide such information through the services or other communications and interactions on the website.
The purposes of the processing and legal basis for processing
All information provided to the Company will be solely used as may be necessary to provide you with the required service. We only process your personal data where we have a lawful basis for doing so:
- Where we are required to do so in accordance with legal or regulatory obligations (including, but not limited to for the registration process, verification of the accuracy of the personal data, to monitor the gambling patterns and to identify possible responsible gambling concerns, to monitor and prevent money-laundering and other criminal offences or fraudulent behaviour);
- To perform our obligations arising out of the contract we have with you i.e. to enable you the usage of our Website, to provide you customer support, to undertake any necessary security and identity verification checks, to process any of your online transactions, to enable you participation tournaments, and for all other actions taken by us to guarantee you efficient usage of the Service;
- Where you have given your consent (including, but not limited to, sending you offers and promotions and provide you with information regarding our products and services);
- In some cases, we may use your personal data where it is in our legitimate interests (including but not limited to prevent fraudulent behaviour and patterns, to proceed with the non-invasive profiling for direct marketing, preparing statistics, analytical reports, to monitor your gambling activity to offer you a better service), except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
Disclosing your personal data
- To provide our products and services, we may share your information with companies within the Group of Companies STS.Bet limited belongs to, but also third parties who are engaged in providing the services you have chosen like: platform providers-to provide services, payment providers- to process your payments, casino game providers- to provide you with the products you have chosen;
- Any third parties who we engage to provide services to us, including but not limited to auditors, professional advisors, financial consultants, identity verification agencies, risk and fraud agencies, communication services and legal authorities etc;
- Any potential acquirer, successor, or assignee as part of any proposed merger, acquisition, sale of assets, or similar transaction in which information is required to be transferred to one or more third parties as part of such transaction;
- Any law enforcement body which may have any reasonable requirement to access your personal data for the purposes of the prevention, investigation or detection of crime;
- Any regulatory body or authorised entity where required or permitted by law, which may have any reasonable requirement to access your personal data.
Please be informed that we share your personal data only for the strictly limited purposes. All of our third-party service providers are required to take appropriate security measures to protect your personal data in line with our policies. Moreover, we only permit them to process your personal data for specified purposes and in accordance with our legally binding agreements.
The personal data that we process for the above mentioned purposes shall not be kept for longer than is necessary. We retain your personal data for as long as we need it to comply with our obligations under applicable law, to enforce our agreements and, if relevant, for the establishment, exercise and defence of legal claims.
Please be informed that as per STS data retention policy your personal data, with the exception for self-excluded players described below, will be kept for the period of six years after the end of a relationship with a customer. When it comes to personal data of clients, who entered a self-exclusion agreement with us we are required to store your personal data for the self-exclusion period and 6 months thereafter. As a consequence for customers, whose self-exclusion period is shorter than 6 years, the general retention rule will apply.
We will actively review the personal data we handle, process and store, and will delete or anonymise it in a secure manner when there is no longer a legal, business or customer need for it to be retained.
In those cases where it is not possible for us to specify in advance the periods for which your personal data will be retained, we will base our determination on the following criteria:
- the purpose(s) was for which your personal data was collected;
- whether there are any statutory obligations, obliging us to continue to process your information;
- whether we have a legal basis in place to continue to process your information, including but not limited to consent;
- the value attached to your information;
- whether there are any industry practices stipulating how long information should be retained;
- the risk, cost and liability attached to such retention; and
- any other relevant circumstances.
We take appropriate security measures to protect against loss, misuse and unauthorised access, alteration, disclosure, or destruction of your information. The Company has taken steps to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services processing personal information, and will restore the availability and access to information in a timely manner in the event of a physical or technical incident.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or organisational safeguards.
All our staff who process personal data are provided with regular training on information security practices.
We have put in place procedures to deal with any suspected personal data security breach and will notify the regulator of a suspected breach where we are legally required to do so. In certain cases, we will also inform you, as the data subject, of the occurrence of the breach and the steps you need to take to safeguard your rights.
If you believe your personal data has been compromised, please contact the Company’s DPO by email at email@example.com
Data Subject Rights
As a data subject you have certain rights in relation to your personal data including:
- Right of access – you have the right to ask us for copies of your personal data that is being processed. There are some restrictions which means you may not always receive all the information we process;
- Right to Erasure – you have the right to ask us to delete your personal data in certain circumstances. This is not an absolute right and shall depend on our established retention periods and regulatory obligations imposed on us;
- Right to Object – you have a right to object and request that we cease the processing of your personal data where we rely on our, or a third party’s legitimate interests for processing your personal data or a task carried out in the public interest;
- Right to Portability – you may request that we provide you with certain personal data which you have provided to us in a structured, commonly used and machine-readable format. Where technically feasible, you may also request that we transmit such personal data to a third-party controller indicated by you;
- Right to Rectification – you have the right to update or correct any inaccurate personal data which we hold about you;
- Right to Restriction – you have the right to request that we stop using your personal data in certain circumstances including if you believe that we are unlawfully processing your personal data or the personal data that we hold about you is inaccurate;
- Right to withdraw your consent – where our processing is based on your consent, you have the right to withdraw your consent. Withdrawal of your consent shall not affect the lawfulness of the processing based on your consent prior to the withdrawal of your consent;
- Right to be informed of the source – where the personal data we hold about you was not provided to us directly by you, you may also have the right to be informed of the source from which your personal data originates; and
- Right to lodge a complaint with a supervisory authority - you may contact our DPO (contact details provided above) should you require any clarification or need to discuss matters relating to the processing of your personal data. However, in case you are not satisfied with the outcome, as a data subject, you also have a right to lodge a complaint with the Information and Data Protection Commissioner, either online https://www.reportbreachidpc.com/Complaint/, or via the submission of a report by conventional mail to Information and Data Protection Commissioner, Floor 2, Airways House, High Street, Sliema, SLM 1549, Malta or by email at firstname.lastname@example.org Also, you may seek to enforce your rights through judicial remedy.
Your rights in relation to your personal data are not absolute. If you intend to exercise one or more of your rights, please send your request to email@example.com or contact our Customer Support.
No fees are applicable when exercising your rights. Moreover, you will be provided with a response without undue delay, and in any event within one month from which starts running as soon as your identity is verified. In some, justified cases, we can extend the period of reply to your request up to two further months where necessary, taking into account the complexity and number of the requests.
Following your request to exercise your rights, the Company may need to request specific information from you to help verify your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Automated decision-making is the process of making a decision by automated means without any human involvement. These decisions can be based on factual data, as well as on digitally created profiles or inferred data.
We may use automated decision-making in order to fulfil obligations imposed by law to which we are subject to. By way of example, to fulfil our obligations in relation to fraud, tax evasion, suspicious betting pattern reporting, providing alerts for responsible gaming amongst others.
We may also use automated decision-making in the limited instances when this is necessary for entering into, or the performance of, a contract entered between us and the data subject. Decisions on the basis of profiling are not taken automatically without human intervention. Moreover, the process is based on our interest regarding providing customised, quality experience for the players and reward loyalty of the players. You have the right to object to the processing of your personal data for automated purposes at any time by contacting us via firstname.lastname@example.org.
e-KYC and Responsible Gaming
STS.Bet Ltd is mandated to carry out certain checks of its customers by exchanging certain data with its third-party providers. This process is in line with the Company’s legal obligation as per applicable laws and license conditions to verify the identity of the Player prior to permitting them to gamble and, thereafter throughout the term of the relationship with the Player, if and as necessary, at our sole discretion.
Under the same principle and legal basis, we are also expected to monitor and identify players that may be playing beyond their financial means or at risk of developing problems in this regard. To this end, and in order to help our players maintain a level of affordability, we have introduced affordability checks on our players at certain levels of their activity which may result in establishing “loss limits” or an account(s). Using third-party data in conjunction with the data being presented by the Player to set appropriate limits on their account. However, players may request to amend such limits, by providing evidence, in the form of documentation, to substantiate their claim of affordability.
In either case as mentioned above and in line with applicable data protection laws and regulations, should you not wish to be subjected to automated decision-making processes, you have a right to object to it by contacting us prior to such a checks are performed. In such cases, you will be asked to personally provide evidence, in the form of documentation, for us to review and analyse your eligibility and/or affordability to play and enjoy our games.
Risk and fraud prevention
STS.Bet Ltd is also legally obliged to monitor its players’ behaviour together with other information available in order to identify those players who may be exploiting the system. The purpose of such monitoring is to manage our security, risk and prevent crime and other fraudulent activity. Based on the underlying algorithm, with the usage of a third-party service provider, based on data describing the behaviour of players, and other inferred data, a suggested risk profile is defined for each player against which we may decide to undertake certain actions, including but not limited to, minimising or blocking activity on that particular account. However, all decisions are taken with human intervention.
STS.Bet Ltd may use your personal data as part of automated decision-making processes when displaying marketing material and personalised advertisements. Such automated processes are based on your preferences and interests. Our legal basis to carry this automated decision-making process is consent, either received upon registration or during the term of your relationship with STS. The player has the facility of changing any of these marketing processes by either contacting us or by changing their preferences through their account profile.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
Your responsibility to inform us of changes
It is important that the personal data we hold about you is accurate and current. You need to keep us informed if your personal information changes, for example, a change of surname,address, and/or identity card number, any other required information.
Links to other websites