Whether you are our client or not, we understand the importance to you of your personal data and of your right to privacy. The purpose of this document is to reassure you that we are committed to continuing to do our utmost to keep your personal data as safe as possible. In order to do this, we invite you to read on and learn about the type of personal data we collect, when we collect it, why we do so, what we do with it – including who we may have to share it with and why – and how long we keep it for and why.
By doing this, we hope to give you a clearer picture of how we do things and how you can better manage and control your personal data. However, if you have any questions or need any clarifications whatsoever, our Data Protection Officer (“DPO”) will be more than glad to help you. Please send any such requests to [email protected]
Purpose of Policy
This website is solely intended for persons over the age of 18. If it becomes apparent to us that we have collected personal data relating to persons under the age of 18, due to reasons relating to abuse of our website, we do our utmost to ensure that such data is handled in accordance with applicable law.
We shall protect your personal data and always respect your privacy in accordance with the best business practices and applicable laws. You are responsible for providing us with personal data that is correct and for informing us in writing of any changes occurring in your data, in order that we may take all reasonable measures to keep our records in your regard correct and up to date.
You also have the right to file a complaint with the Information and Data Protection Commission (“IDPC”) at any time on telephone number +356 2328 7100, email address [email protected] or by post on Information and Data Protection Commissioner, Level 2, Airways House, High Street, Sliema, SLM 1549, Malta, the IDPC being the main Supervisory Authority for data protection matters in Malta. However, we would truly appreciate the opportunity to address your issues before you contact the IDPC, so kindly contact us in the first instance.
What is personal data?
Why do we collect data?
We may collect, use, store, and transfer different kinds of personal data. Our legal bases for processing are:
- Legal Obligations – where we are required by law or regulations to process this data;
- Legitimate interest – when relying on this legal ground, it means that we process your data in the interest of conducting and managing our business to ultimately provide you the best service and experience we possibly could. Before relying on this ground, we ensure that we evaluate the potential impact such processing may have on you and your rights. Therefore, we do not rely on this ground where your rights and interests as a data subject override our interests to process such data;
- Performance of contract – where the processing of personal data is necessary for the performance of contractual obligations we enter into with you and which you are a party to (i.e. the Terms and Conditions);
- Consent – Where consent is used as a legal basis for processing your data, we only process your data in such a manner for as long as we have your consent to do so. If, at any time, you feel that you no longer wish for us to process your data in such a manner, we will no longer do so. However, this will not affect any processing of personal data that we carried out with your consent prior to the removal of your consent. Once you have consented to the processing of your data, you may also withdraw such consent by emailing [email protected]
What data do we collect and how?
We collect this data when you create an account with Gambl Limited.
- Identification Data: this includes full name, username of choice, date of birth, and gender.
- Contact Data: this includes email address, home address, and mobile phone number.
VERIFICATION OF IDENTITY & DUE DILIGENCE
We may request to collect data to verify your identity and conduct due diligence or a know your customer process (KYC). You would usually need to verify your identity when reaching certain deposit and withdrawal amounts and to collect winnings. The information will be requested by the Company through a pop up on our Web Application and/or via email, or via a third party service provider. The information must be uploaded or sent via email to [email protected] depending on instructions.
This data might include:
- Proof of Identity Documents – Any valid government issued/recognized document, including but not limited to, a photo Identity Card; Driver’s License; Passport; or Birth Certificate.
- Proof of Address Documents – Any valid utility bill or document with a name and address clearly stated, including, but not limited to, an ID Card; bank statement; bank reference; correspondence with a government authority, department or agency; mobile bill; credit card bill; an official conduct certificate; or any other government issued document not already mentioned, not more than 3 months old.
- Proof of Payment Method For Last Deposit – Bank Statement; copy of a portion of a Credit Card; screenshot of SMS receipt for Mobile Credit; copy of a voucher; screenshot of an eWallet home page as proof that you are logged into your payment gateway account.
- Source of Funds Used For a Deposit – Bank statement; pay slip issued by employer; recent Income Tax Return or Tax Bills; or any other valid proof of income.
- Source of Wealth Document – Documentation which will allow the determination of the activities which generate your net worth.
DEPOSITS, WITHDRAWALS & OTHER TRANSACTIONS
This data is requested when making deposits and withdrawals from or to your Gambl Limited account. Data is also requested when certain activities are noticed or if you are a politically exposed person.
- Financial Data: this would include the financial details relating to your deposit and withdrawal methods of your choice, your bank details, credit card details, or all relevant details relating to the chosen payment methods.
- Transaction Data: this includes details relating to payments made to and by you.
Documents from the list above will be requested for:
- Accumulated deposits of €2,000 or greater over a 180-day rolling period;
- Accumulated deposits of €150 per month using cash-like payment methods, such as vouchers;
- Deposits made from certain countries; and
- Accumulated deposits of €6,500 or greater over a 180-day rolling period.
Documents will also be requested when withdrawal requests are made and cash prizes are won. Documents may be requested in other instances as deemed necessary by the Company.
This data is collected automatically when using the service. This data includes details relating to the games you play on our website i.e. your gaming activity.
This data is collected when you contact us via email, chat support, or phone. Data we collect may include information relating to your communications with us via email, chat support, or phone. Email correspondence, live chat, and phone calls may be recorded for record-keeping requirements.
This data is collected automatically when using our service. The data we collect may relate to your gaming habits and your preferences.
This data is collected when using our service. Data we collect may include your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
This data is collected when using our service. Data we collect may include data relating to how you use our website.
This data is collected when using our service. Data we collect may include your preferences relating to receiving marketing messages from us and other third parties (such as affiliates), as well as your communication preferences.
You may find further information below relating to how we may process your data for the following reasons:
- Marketing – we do our best to ensure that you have the utmost control over what kind of marketing material you receive from us or from other third parties on our behalf. Should you wish to revoke your consent for certain processing activities, please email [email protected] or fill out the form on the “Contact” page of our website and select “Privacy and Data Protection” as the subject. It may take up to 48 hours for us to ensure that the changes were implemented into our systems and those of our marketing partners (and therefore you might receive some emails or information from us within those 48 hours for this reason).
- AML and social responsibility – Gambl Limited is committed to providing you with the safest and most secure gaming environment we could possibly provide. For this reason, we may process certain personal data relating to you to an extent which slightly exceeds the statutory requirements, however this is done for your own safety and peace of mind. We have a legitimate interest to do so, as we feel responsible for your online safety, however we can assure you that none of the checks we carry out are unnecessarily invasive to your rights and freedoms as a data subject.
Your personal data shall not be processed for purposes other than those it was collected for; should further processing be required, you will be informed of that purpose and provided with all necessary information.
How We Share Information
These third parties include:
- Game providers – sometimes our game providers would require access to select data attributes (such as username and IP address) in order to provide us with the games you play on our website. These include Lottomatrix;
- Payments providers – similarly, we may share some of your personal data with the payment providers you use to make and receive payments on our website. These include APCO service providers;
- Governmental or regulatory authorities – where we are legally obliged to disclose your data, we may have to share your personal data with such bodies, namely FIAU.
We may, if necessary or when authorized by law, provide your personal data to law enforcement agencies, governmental or regulatory organizations, courts or other public authorities. We attempt to notify all our customers about legal demands for their personal data unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe that the requests are disproportionate, vague or lack proper authority, but we do not promise to challenge every demand.
The operator will not opt for automated decision-making.
Transfers of Personal Data
Some of the service providers outlined in section 3 above may be based in countries which do not form part of the European Economic Area (“EEA”). This may mean that your data may be stored in a location outside of the EEA. Whenever any transfers of your personal data are made to Data Processors located outside of the EEA, we always ensure that your data is protected in the same way as it is in the EEA.
In order to ensure the protection of your data, we implement at least one of the following safeguards:
- Adequacy decision – we ensure that we transfer your personal data to countries providing an adequate level of protection according to the European Commission;
- US / Swiss Privacy Shield – where the Data Processors we use are based in the United States of America or Switzerland, we try to ensure that such Data Processors are approved under the Privacy Shield. This Privacy Shield ensures that the Data Processors provide similar protection to personal data shared between the EEA and the United States or Switzerland;
- Standard clauses – where the Data Processor is not based in a country benefiting from an adequacy decision or is not part of the US/Swiss Privacy Shield, as explained in (i) and (ii) above, we may use specific contracts, known as standard contract clauses, which are model contracts approved by the European Commission. These contracts also ensure that the personal data is afforded the same protection as it is in the EEA.
Data Security Measures
Gambl Limited always strives to ensure that your data is safe, both in our hands and in the hands of any third-party to whom we may disclose your data. Internally, we have put in place a number of security measures, both from a technical aspect as well as from an organizational aspect, to ensure that your data is not accidentally lost, used, accessed in an unauthorized manner, altered, or disclosed.
We also ensure that access to your personal data is determined on a ‘need-to-know’ basis, meaning that only the persons who have a direct need to access your personal data will have access to it. Furthermore, anyone having access to your personal data is subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected or actual personal data breaches. We will notify both you as an affected data subject and the supervisory authority concerned of any such data breach whenever we are legally required to do so and we shall maintain a log of any such breaches.
Gambl Limited shall only retain your personal data for as long as necessary in view of the purposes for which they were collected. Such purposes could include the satisfaction of any legal, accounting, or reporting requirements.
When determining the appropriate retention period applicable to your data, we take several factors into consideration, such as the nature and sensitivity of the personal data, the potential risks surrounding the unauthorized use or disclosure of such data, the purposes for which we collect and process such data, and the applicable laws and/or regulatory requirements imposed on us.
Please feel free to contact our DPO on the contact details provided above for further information on our retention periods.
Data protection law gives you, as a data subject, certain rights in certain circumstances. In accordance with law, you have a right to:
- Request access to your personal data – This means that you have a right to request, free of charge, a copy of the personal data we hold about you;
- Request the correction of your personal data – This means that if any personal data we hold about you is incomplete or incorrect, you have a right to have this corrected. Keep in mind, however, that we may need you to provide evidence and documentation (such as your ID documentation or proof of address) to support your request;
- Request the erasure of your personal data (i.e. the right to be forgotten) – This means that you may request the erasure of your personal data where we no longer have a legitimate reason to continue processing it or retaining it. Please be aware that this right is not absolute – meaning that we are not able to satisfy your request where we are obliged under a legal obligation to retain the data, or where we have reason to believe that the retention of data is necessary for us to defend ourselves in a legal dispute;
- Object to the processing of your personal data – where we rely on our legitimate interests (or those of a third party) to process your data and you feel that our processing of your data in such a manner impacts your fundamental rights and freedoms. However, in some cases, we may be able to demonstrate that we have a compelling legitimate ground to process your data which may override your rights and freedoms. You may submit your objections to processing of your personal data on the grounds of the above-mentioned legitimate company interests by contacting our Data Protection Officer;
- Request the restriction of the processing of your personal data – You may ask us to temporarily suspend the processing of your personal data in one of the following scenarios: (a) where you want us to establish the accuracy of the data, (b) where our use of the data is unlawful but you do not wish for us to delete it, (c) where you need us to retain your data even when we no longer need it in order for you to establish, exercise, or defend legal claims, or (d) where you have objected to the use of your data but we need to verify whether we have overriding legitimate grounds to use it;
- Request the transfer of your personal data (i.e. data portability) – This means you may request us to transfer certain data we process about you to a third party. This right only applies to data acquired through automated means which you initially provided consent for us to use, or where we used the data to perform our obligations under a contract with you;
- Withdraw your consent at any time where we rely on your consent to process the data – ‘Opting out’ or withdrawing your consent will not affect the lawfulness of the processing carried out by us up until the time you withdrew your consent. Withdrawing your consent means that, going forward, you no longer wish for us to process your data in such a manner. This means that you may no longer consent for us to provide you with certain services (such as marketing).
In order to exercise your rights as explained above, we may need to request specific information about you to help us verify your identity. This is a security measure to ensure that we are certain that the person to whom we disclose your personal data is really you.
We will do our utmost to respond to all legitimate requests within a one-month timeframe from the submission of a request. If your request is particularly complex, or if you have made multiple requests in a certain time period, it may take us a little longer. In such a case, we will notify you of this extension.