We mean identifiable information about you when we say ‘Personal Data’ like your name, email, telephone number, payment account details, payment information, address, support queries, chat comments, betting history, and so on. This Policy does not apply if you can’t be identified (for example, when Personal Data has been aggregated and anonymized).
From time to time, we may need to update this Policy. We will make sure we let you know, where a change is significant, usually by sending you an email or posting a notification on the Websites.
2. Who Are ‘We’?
We mean 1win N.V., a company located at Perseusweg 27 A Curacao, CW, when we refer to ‘we’ (or ‘our’ or ‘us’).
1win N.V. provides an online betting services under Curaçao license 8048/JAZ2018-040.
When we act as a controller concerning your personal data, for European Union data protection purposes, MFI INVESTMENTS LIMITED, is our representative in the EU, a company, whose registered office is at 3, Chytron Street, Flat/Office 301, P.C. 1075 Nicosia, Cyprus.
3. What Data We Collect and How We Do That
We collect and process your Personal Data when you visit our Websites or use our Services. The ways we collect it can be broadly classified into the following:
Information you provide to us directly
We might ask you to provide Personal Data to us when you visit or use some parts of our Websites and/or Services. For example, we ask for your contact information or certain documents during verification and anti-money laundering procedures or an anti-fraud check, upon registration, or when you request support or contact us with questions.
Information we collect automatically
When you visit our Websites or use our Services, we collect some information about you automatically, like your IP address, operating system, crash reports, system activity, device type and settings, browser type and settings, and the date, time, and referrer URL of your request. This information is useful for us so that we can continue to provide the best experience possible, and it helps us get a better understanding of how you are using our Websites and Services. For example, we can figure out which language you speak using information from your browser.
Some of this information is collected using cookies, third-party tools like Google Analytics, and similar tracking technologies.
We also collect details of the transactions you carry out with us and your account activity.
Information we get from third parties
Sometimes we might collect Personal Data about you from other sources, such as trusted third parties like our payment providers and publicly available materials. We use this information to supplement the Personal Data we hold about you, to better inform, improve, or personalize our Services, and to validate your Personal Data.
4. Legal Grounds to Process Personal Data
Only when we have the legal basis for the processing of your Personal Data set out in applicable data protection laws, only then we will process it, once we collect Personal Data. Such legal bases include:
The performance of a contract
Where it is necessary for the performance of a contract, we may process your Personal Data. For example, when you enter into agreements with us or when you register on the Website, or when we take steps related to a contract, such as facilitation of transactions taking place on the Websites.
A legal obligation
Various regulations and laws impose certain obligations on us. We have to process your Personal Data, to comply with them, for example, to comply with responsible gaming regulations, anti-money laundering legislation, and the conditions of our gambling license.
The legitimate interests
When we, other companies in our group of companies or third parties have a business or commercial reason to process your Personal Data, then Your Personal Data may be processed.
When it is required for direct marketing purposes, or in other limited cases, we process your Personal Data based on your consent.
5. How We Use Personal Data
Use of your Personal Data (Legal Basis):
To ensure our Websites and Services work as intended, operate our Websites, and deliver Services you have requested (Performance of a contract Legitimate interest);
To determine if you may use certain Services, including when we check your geographic location, age, self-exclusion, or identity status, and to set up and operate your account (Legitimate Interest, Performance of a contract);
To perform legal duties, obligations, responsibilities, prevent illegal activities, including money laundering and match-fixing (Legal obligation), to comply with any laws and regulations that apply to us and with the conditions of our gambling license;
To support you, including assisting with the resolution of issues relating to the Websites or Services (Performance of a contract) or technical or payment issues;
To carry out technical analysis of our Websites and Services so that we can optimize your user experience and provide you with more efficient tools (Legitimate interest), and to enhance our Websites and Services, test and develop new features;
To detect and report a crime, prevent, protect you, other users, and us, for example, by ensuring mitigating security risks, network, and information security, detecting and preventing any fraudulent or malicious activity, and making sure that everyone is following the agreements (Legal obligation, Legitimate Interest, Performance of a contract) and using our Websites and Services fairly;
To prepare statistics, to analyze and aggregate data, in particular, to produce anonymized and aggregated reports and analytics, which we may share publicly and use internally or with third parties (Legitimate interest);
To manage, facilitate, and confirm financial transactions (Performance of a contract, Legitimate interest);
To verify your credentials using third parties, including financial institutions, identification verification agencies, and credit reference agencies., and analyze your fraud risk (Legal obligation, Performance of a contract, Legitimate interest);
For responsible gaming purposes, to assess your gambling activity (Legal obligation, Legitimate Interest, Performance of a contract);
To manage our risk and odds and monitor betting activity (Legitimate Interest, Performance of a contract);
To other agreements with you (Performance of a contract) and to exercise our rights set out in the agreements;
In our group of companies, for internal administrative purposes or to disclose information to companies following a restructure (Legitimate interest);
To manage our relationship and communicate with you. This may include:
operational communications, like information about new features, bonuses, and promotions, security updates, or assistance with using our Websites and Services, changes to our Websites and Services, marketing communications, and providing you with the information we are required to send to you or the information you have requested from us (Performance of a contract, Legitimate interest, Your consent)
6. How We Can Share Your Personal Data
There will be times when we need to share our Personal Data with third parties. We will disclose your Personal Data to: o Other companies in our group of companies;
- Affiliates and other persons that introduce you to us;
- Regulators, government bodies, courts, law enforcement agencies, fraud prevention agencies, licensing bodies, eSports self-governing bodies, or other third parties, to exercise, establish or defend our legal rights (where possible and appropriate, we will notify you of this type of disclosure) or where we think it is necessary to comply with applicable laws or regulations;
- Third-party service partners and providers who assist us in the provision of Websites and Services which you have requested, for example, to those who support the delivery of, or market, or promote our Websites and Services, or provide functionality on Websites or for Services;
- Other persons where we have your consent.
7. International Data Transfers
When we process and share data, it may be transferred to, and processed in, countries other than your country. These countries may have laws different from what you are used to. We put safeguards in place to ensure your Personal Data remains protected where Personal Data are processed in another country,
This means that your data may be transferred outside of the EEA for individuals in the European Economic Area (EEA). Where your Personal Data is transferred outside the EEA, to protect your Personal Data, it will be transferred to countries where we have compliant transfer mechanisms in place, in particular, by implementing the European Commission’s Standard Contractual Clauses.
We have appropriate technical and organizational measures in place and are committed to protecting your Personal Data, including:
- Data encryption. Using industry-standard TLS (Transport Layer Security)We encrypt all data that goes between you and us, protecting your personal and financial data. When it is stored on our servers, your data is also encrypted. It is also encrypted when we transfer it for backup and replication between data centers.
- Limited access. We restrict access to personal information to our contractors, employees, and agents who require that information to process it.
- Network protection. Multiple layers of security control guard access to and within our environment, including intrusion protection systems, firewalls, and network segregation. Our security services are monitored, configured, and maintained based on industry best practices. To leverage their expertise and global threat intelligence to protect our systems, we partner with industry-leading security vendors.
- Secure data centers. To prevent physical access to the servers they house, our servers are located within enterprise-grade hosting facilities that employ robust physical security controls. These controls include on-site security staff and regular ongoing security audits, and 24/7/365 monitoring and surveillance. To minimize the risk of data loss or outages, we maintain geographically separated data replicas
- Security monitoring. Our security team continuously monitors event logs, security systems, alerts, and notifications from all systems to identify and manage threats.
9. Data Retention
Some data is deleted automatically, some data you can delete whenever you like, and some data we retain for longer periods when necessary. We make sure that your data is safely and completely removed from our servers or retained only in anonymized form when the data is being deleted.
Information is retained until you remove it
We offer a range of services that are stored in your account or allow you to correct or delete data associated with it. For example, you can:
- Edit information about yourself, or
- Delete your account entirely, or
- Delete a chat post.
- To allow us to meet our regulatory and legal obligations and defend ourselves against any claims following the closure of your account (when applicable) or your last contact with us, we will keep this data in your account until it is not closed and for a period of five years.
- Information retained for extended periods for limited purposes
- Sometimes business and legal requirements oblige us to retain certain information, for an extended period, for specific purposes. For example, we will retain the Personal Data of this person for longer periods as required for purposes of responsible gaming, when a person self-excludes from our Services.
- Reasons we might retain some data for longer periods include:
- To protect you, other persons, and us from abuse, illegal activity, fraud, and unauthorized access, for example, when suspect someone is engaged in match-fixing, is committing fraud, or launders money.
- To carry out accounting or facilitate dispute resolution, and to comply with tax, anti-money laundering and other financial regulations. For example, when we are party to a financial transaction, including when we receive your deposits and make payouts to you.
- When we are required to enforce the agreements, including investigation of potential violations, or to meet any comply with applicable law, regulation, legal process, or enforceable governmental request.
- To ensure the continuity of our Services to you and other users.
- If you have directly communicated with us, for example, providing feedback or a bug report or through a customer support channel.
- The Company is committed to safeguarding the confidentiality of your personal information or data it collects, uses, and holds following the applicable data protection laws and regulations, such as applicable International Data Protection Regulations like the General Data Protection regulation of 2016/679 (GDPR) (hereinafter ‘Data Protection Laws’) and the provisions of the (country) Data Protection Laws.
10. Your Rights
You possess specific rights relating to your Personal Data:
- ask us to correct inaccurate Personal Data concerning you or correct them yourself;
- To know what Personal Data we hold about you;
- To get access to your Personal Data and ask for its copy in a machine-readable format, for instance, if you want to back it up;
- In case we are doing it for our legitimate interests, you can object to our processing of your Personal Data. Please note that we may still process your Personal Data where we have compelling grounds to continue processing in our interests which are not overridden by your rights, interests, or freedoms, or where there are other relevant lawful bases.
- To ask us to erase your Personal Data, including to delete your account, solely where (1) where you have withdrawn your consent and your consent has been the legal basis for processing, (2) it is no longer necessary for us to process it, (3) your Personal Data has been unlawfully processed, (4) you have exercised your right to object and there are no overriding legitimate grounds for the processing, (5) or where erasing your Personal Data is required following a legal obligation. Please, note that we will not erase and still will retain data, in case it is needed for the establishment, exercise, or defense of legal claims, or, for instance, when Personal Data needs to be kept for our legitimate interests that override your request, for compliance with a legal obligation.
- To ask us to restrict the processing of your Personal Data in certain circumstances.
- To withdraw your previously provided consent where your consent has been asked to process the Personal Data. Please note, that we may still process your Personal Data where there are other relevant lawful bases for us to rely on.
- To object to direct marketing and to any profiling (to the extent that it relates solely to direct marketing). You can ask us not to send you these at any time when it comes to marketing communications, – just send your request to [email protected] or follow the unsubscribe instructions contained in the marketing communication.
- To complain to your local data protection authority.
- Please note that not all detailed above rights are absolute.
- At any time you can exercise your rights by making adjustments to your account or by sending an email to [email protected].
- Before we take any requested action, we may require evidence of and be satisfied with your identity
- Please let us know by sending an email [email protected] if you are not happy with how we are processing your Personal Data. We will try to get back to you within a reasonable time frame and review and investigate your complaint.
11. Use of Google Analytics
12. SSL encryption
All critical correspondence between the user and the website is encrypted with Secure Socket Layer technology (SSL) using a 256-bit key.