GAMBLE INSIDER - Data privacy and protection policy

General provisions

Gambleinsider (hereafter referred to as the “company”) acts as the data controller in processing customers’ personal data and/or personal data relating to individuals connected to the customer in accordance with the rules defined by the General Data Protection Regulation (GDPR) and any local regulations related to the protection of personal data.

'Personal data' means any information relating to an identified or identifiable natural person (data subject).

Gambleinsider is the data controller for data collected from its customers and is responsible for the processing of client’s personal data in accordance with this policy and applicable data protection laws mentioned above.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • Used fairly, lawfully, and transparently
  • Used for specified, explicit purposes
  • Used in a way that is adequate, relevant, and limited to only what is necessary
  • Accurate and, where necessary, kept up to date
  • Handled in a way that ensures appropriate security, including protection against unlawful or unauthorized processing, access, loss, destruction, or damage.

All employees, contractors, management board members, and other individuals of Gambleinsider are required to comply with the policy and keep the personal data they process confidential.

Personal Data Gambleinsider Collects

Personal data refers to any information that Gambleinsider has in its possession directly or indirectly referring to an individual to the extent that it can be identified or is identifiable.

Such data includes:

  • Identity data: name, surname, personal identification code, tax identity number, date and place of birth, nationality, identification document data and copy.
  • Contact data: telephone number, address, email address, billing details.
  • Data related to the economic activity: information on liabilities from the commercial register, etc.
  • Data obtained in fulfillment of obligations specified in regulatory enactments: for example, information received in the process of collecting information from investigative institutions, notaries, tax authorities, courts, and bailiffs.

Personal data is collected from clients themselves, third parties, and publicly available sources.

Purpose of acquiring personal data

Gambleinsider processes client’s personal data in accordance with the gdpr. Information regarding personal data shall be used by gambleinsider to, but not limited to:

  • Provide products and services offered by gambleinsider
  • Notify regarding any changes to gambleinsider’s products and services and to improve them
  • Carry out the necessary client due diligence measures in order to prevent money laundering and terrorist financing, as well as to ensure compliance with international sanctions, including, to ascertain the purpose of business relationship and whether client is a politically exposed person)
  • Identify and prosecute possible fraud
  • Maintain security and risk management, including service and security issues, conduct internal audits, ensure safety and security of gambleinsider’s properties and systems, money laundering and the financing of terrorism
  • Meet legal and regulatory requirements, including, but not limited to, providing assistance to law enforcement, judicial and other government agencies and conduct anti-money laundering, suppression of terrorism financing and related checks
  • To exercise internal corporate reporting, business administration, ensuring adequate insurance coverage for business, ensuring the security of company facilities, research and development, and to identify and implement business efficiencies.

Personal data is collected from clients themselves, third parties, and publicly available sources.

Transparency and Information Provision

GGambleinsider is required under the applicable laws and regulations to ensure that individuals have various information readily available to them. This requirement is subject to exceptions. However, these exceptions are of relatively wide application in the context of individual and/or transaction management. In particular

  • Information only needs to be made available where it is practicable to do so.
  • In the case of personal data which are not collected directly from the individuals (for example, payee data collected from a payer customer), gambleinsider is not obliged to provide information if to do so would involve disproportionate effort
  • Gambleinsider takes the view that it can assume that individuals have, and need not therefore make available, information which should reasonably be obvious to them.

The information made available to Gambleinsider’s partners includes:

  • Gambleinsider’s corporate details and contacts.
  • • The purposes for which gambleinsider expects to process the persona data, and related information (including know-your-client and related compliance purposes as well as the execution of transactions and customer management generally)
  • • The categories of person to whom gambleinsider may disclose customer data (including any person with whom gambleinsider might share data for fraud prevention purposes; and regulatory and prosecuting authorities).
  • The following further information, which, gambleinsider considers, needs to be provided to ensure that it’s processing of customer data is compliant.

Disclosure of client’s personal data

Gambleinsider shall not disclose, rent, transfer or sell any of the client’s personal data to anyone except as described in this policy below, or without client’s explicit consent

For one or more of the previously mentioned purposes, client’s personal data may be shared with the following third parties:

  • Gambleinsider’s brands, subsidiaries, related and/or associated companies;
  • Any party in relation to legal proceedings or prospective legal proceedings;
  • Auditors, consultants, lawyers, accountants or other financial or professional advisers appointed in connection with gambleinsider’s business on a strictly confidential basis, appointed by gambleinsider to provide services to the business;
  • Any party nominated or appointed by gambleinsider either solely or jointly with other service providers, who provide services or conduct data processing on gambleinsider’s behalf, or for data centralization and/or logistics purposes;
  • Data centres and/or servers located within or outside the client’s country for data storage purposes;
  • Storage facility and records management service providers;
  • Government agencies, law enforcement agencies, courts, tribunals, regulatory/professional bodies, industry regulators, ministries, and/or statutory agencies or bodies, offices or municipality in any country, if required or authorised to do so, to satisfy any applicable law, regulation, order or judgment of a court or tribunal or queries from the relevant authorities;
  • Credit reference/reporting agencies for the purpose of credit checking;
  • Gambleinsider’s business/marketing partners, third party product and/or service providers, suppliers, vendors, distributors, contractors or agents, on a need-to-know basis, that provide related products and/or services in connection with gambleinsider’s business on its behalf or to assist gambleinsider with the provision of the website and/or service to the client;
  • Banks and financial institutions, credit/debit card companies in connection with the client’s commercial transactions with gambleinsider;
  • Any other person reasonably requiring the same in order for gambleinsider to operate and maintain its business or carry out the activities set out in the purposes or as instructed/authorised by the client.

Data Security

In order to prevent unauthorised access, disclosure or other similar risks, gambleinsider has implemented appropriate technical, physical, electronic and procedural security measures in accordance with nis 2, dora, … to safeguard against and prevent the unauthorised or unlawful processing of client’s personal data, and the destruction of, or accidental loss, damage to, alteration of, unauthorised disclosure of or access to client’s personal data.

Measures implemented by gambleinsider to ensure the security and protection of client’s personal data include, without limitation:

  • Safeguards to prevent security breaches in GambleInsider’s network and database systems.
  • Limits on access to information in GambleInsider’s systems and the systems of business partners and vendors.
  • Strict verification processes to prevent unauthorized access to information.
  • Physical access control, protection of the accesses to the premises and server rooms.
  • Backup data centre.
  • Filtered, secure internet access.
  • Segmentation network.
  • Use of an SSL-type encryption protocol for the transmission of data between the servers of GambleInsider or its service providers.
  • Regular backups replicated in the backup data centre.
  • Securing of hardware, servers, and applications via specific accounts with regular inventories.
  • Logical access control, management of accreditations for accessing data, and only allowing necessary resources to access data.
  • Separation of development/acceptance, pre-production, and production environments.
  • Encryption.

Storage and Retention of Personal Data

Gambleinsider implementedgenerallyacceptedstandardsoftechnologyandoperational security to protect personal data from loss, misuse, alteration or destruction. Gambleinsider requires all contractors to keep personal data confidential and only authorized personnel have access to this data.

Any of gambleinsider personal data that’s provided is retained for as long as the purposes for which the personal data was collected continues.

Personal data is destroyed or anonymised from records and back-up systems in accordance with gambleinsider’s retention policy and is a key part of the lifecycle of a record. It shows how long a business needs to keep a piece of information (record), where it's stored and how to dispose of the record when its time) in the event personal data is no longer required for the said purposes unless its further retention is required to satisfy a longer retention period to meet gambleinsider’s operational, legal, regulatory, tax or accounting requirements.

Guidelines for Engaging Data Processors

A data processor processes personal data on behalf of gambleinsider, according to the instructions given by gambleinsider.

Gambleinsider may only engage such data processors that provide sufficient guarantees for the protection of personal data being processed and implements appropriate technical and organisational measures.