Privacy Notice

This Privacy Notice describes how Palasino Malta Limited (or otherwise referred to herein as “Palasino”,” Company” "us" or "we") treats your personal information and the data provided to us in order to be able to manage our relationship. We manage any personal information you provide to us (either through the website www.palasino.com or through any other similar means) and are kept by us in relation to you in the manner specified in this Privacy Notice.

1 Who are we?

We are Palasino Malta Limited, a Maltese Company whose registered address is at 170, Pater House, Level1, (Suite A285), Psaila Street, B'Kara BKR 9077. You can contact us by writing at customersupport@palasino.com. We have appointed a Data Protection Officer, who may be contacted at dataprotection@palasinomalta.ltd

2 Why do we collect personal data?

We need to collect data from you to be able to provide you with the service of remote gaming. This may include the need to share this data with our partner companies and service providers, with whom we would have established safeguards to protect your data, for the purpose of providing you with our services as requested when you signed up and accepted the terms and conditions.

When we provide remote gaming services to our customers, we must collect personal data from you so that we can comply with our legal obligations related to our remote gaming licence requirements, as per the Malta Gaming Authority’s Regulations and Guidelines, for company tax reporting obligations to the tax authorities, and to meet our obligation to assist authorities, when requested, in the investigation of potential criminal activity. Failure to provide us with the requested personal data will preclude us from providing you with our services.

We also have a legitimate interest to protect our services from promotion abuse, fraudulent activities, and internet security risks. This also allows us to ensure the security, integrity, accessibility and availability of our data and services.

We may offer marketing communications so that you are constantly kept updated with news about new products, bonuses, special offers and other similar promotions. When this happens, we will ask for your consent to receive such communications. You will have the right at all times and at no cost to withdraw your consent either through your account profile privacy settings or by sending us an email at dataprotection@palasinomalta.ltd.

3 What personal data do we collect?

We may collect and process the following categories of personal data:

i. Personal identification and communication details provided to us by completing the registration form on the website or any other information you submit to us through the website or by email.
ii. Verification documents provided for Identity, Age and Address, Payment Method verification and other documentation we may request due to our obligations at law.
iii. Contact information collected through the website, email, telephone, or other media.
iv. Your answers to questionnaires or surveys we may conduct directly or through third parties.
v. Elements of transactions, including financial accounts information that you may provide us, made through the website, telephone, or other media.
vi. Details of your visits to the site, including but not limited to traffic data, site information, weblogs, geolocation, and other contact information.
vii. Telephone calls or chat sessions to and from our Customer Service Department are recorded for security and educational purposes along with the resolution of questions arising from the service provided to you.

We do not collect special categories of data on a regular basis; however, we may receive such data from you if you tell us that you have a problem controlling your betting activity. We would treat such data as equivalent to health data and protect it accordingly.

4 Use of Cookies

We use cookies as a means of collecting information from an internet server for the below reasons, at visiting of the site by a member.

Cookies contain information that is transferred to your computer's hard drive. They help us to improve the website and provide better and more personalized services. Some of the cookies we use are necessary for the operation of the site. For those types of cookies that do not contribute to the operations on the website, we are required to obtain your consent.

If you want to delete any cookies already stored on your computer or stop cookies that record your browsing habits on the webpage, you can do so by deleting your existing cookies and / or by changing your browser's privacy settings to block cookies (the procedure you follow will vary depending on the browser). Please note that by deleting our cookies or by deactivating our future cookies, you may not be able to access certain sites or services on the site.

To find out more, please read our Cookies Policy.

5 Why do we process your data?

We use your personal data to:

1) Create, operate, and manage your account;
2) Allow you to participate in games and perform relevant functions to participate in them;
3) Carry out identification procedures for your participation in the game;
4) To place your bets, and to process online payments;
5) Comply with the legal and regulatory frameworks governing our operations, including transmission of personal details, personal data about transactions and traffic data to authorities;
6) Create personal profiles for Fraud and Anti-Money Laundering Risk Assessment purposes;
7) Track transactions for the purpose of preventing fraud, abnormal betting, money laundering and fraud, including exchanging personal data with our suppliers of Payment Processing services;
8) Conduct research, questionnaires, and analysis;
9) Our remote gaming licence obligations to the Malta Gaming Authority;
10) For company tax reporting obligations to the tax authorities;
11) Meet our obligations to inform and assist relevant authorities in relation to any potential criminal activities such as fraud, money laundering or terrorist financing; and
12) any other relevant legislation that requires us to provide some personal information.

When you explicitly consent to marketing, we use your data to provide you with information about site changes, new services, offers and promotions. In case you do not wish to no longer receive marketing information, you have the right to opt-out of this service. You can opt in again to receiving marketing communications by emailing our support department.

To provide our services, and for the purpose of preventing illegitimate use of our services, we carry out profiling of our customers and their activities using automated processes. However, any decisions taken based on these profiles and information are taken by natural persons.

6 Where do we keep your data?

We take all industry standard precautions to keep your personal data secure within our European Union physically located servers, namely in Frankfurt, Germany. These servers may in turn be accessed through encrypted connections over the internet. For this purpose, we do our utmost to follow best security practices and standards and to use providers which ensure an adequate level of security. Who do we share your personal data with?

In the event of the need of supply of personal data to third parties, a specific opt-in for transfer of your data to these third parties will be provided where the names of such parties and the purpose such persons may use your data will be disclosed. Such events may include for example marketing.

The Company may, however, disclose or transfer data you provide to us, or inferred data based on your data for multiple purposes such as to provide you with our services including but not limited to payment processing, customer support and Anti-Fraud / Anti-Money Laundering checks.

The company may disclose or transfer data you provide to us, or inferred data based on your data for multiple purposes as described in the following sections.

A list of our third-party suppliers can be provided upon request.

Disclosures to third parties to provide you with services.

Your personal data is transferred to some companies to carry out the following processes:

− Payment processing;
− Marketing, where consent has been provided;
− Anti-Fraud and Anti-Money Laundering checks;
− Other Data Controllers;
− Joint Controllers;
− Data Processors.

All mandatory information along with additional requested one, provided by players or potential players during the registration process may be processed for anti-money laundering (AML) purposes.

We ensure that data transfers with service providers are covered with appropriate controller-processor contracts and safeguards as specified by the General Data Protection Regulation (EU2016/679). Such contracts include confidentiality, strict processing rules, security safeguards, breach notification requirements and provision of assistance to the Company so that any exercise of your rights is satisfied.

In the event of a sale or purchase of any business, asset or share, we will attempt to inform you of it, as well as of the identity of the new Data Controller either by directly contacting you, by placing public notices on our website and potentially by using other appropriate media.

Disclosures to third parties to satisfy regulatory obligations and legitimate interests.

When processing your betting account and its associated transactions, the company and its contracted processors may need to appeal to credit rating agencies, fraud detection agencies and money laundering agencies to be able to comply with its regulatory and statutory obligations.

The purpose of such communications would be to:

− Assess whether you may be a Politically Exposed Person or an individual subject to Financial Sanctions.
− Assess whether your personal details are similar to those of people suspected of having committed fraud or money laundering.
− Verify your personal details through electronic means by matching against third party databases.

Where such information is requested by payment providers in relation to enquiries regarding fraud, we shall also provide such personal data as long as the request for information is aimed to protect your rights and/or, the legitimate interest of the company to protect itself from fraud.

We ensure that data transfers outside of the company are covered by appropriate controller-processor contracts and safeguards as specified by the General Data Protection Regulation (EU2016/679). Such contracts include confidentiality, strict processing rules, security safeguards, breach notification requirements and provision of assistance to Namene so that any exercise of your rights is satisfied.

Disclosures to regulatory authorities

To satisfy our legal obligations, we may be requested to disclose your data to the:

− Malta Gaming Authority;
− The Financial Intelligence Analysis Unit (FIAU);
− Sanctions Monitoring Board;
− Other applicable Law enforcement bodies where so requested.

This can include transferring of all personal details, verification documents, payment and betting transaction history, communications history, and any other information we have about you. The methods of transfer of such data may be prescribed by the relevant authority, over which we do not have control.

Disclosures for marketing purposes

The Company may share personal data with marketing partners only based on a freely given, specific, informed, and unambiguous consent from you. Such partners would be limited to receive contact information such as e-mail address and sports preferences for marketing reasons.

You can withdraw your consent at all times through your account profile or by contacting us on dataprotection@palasinomalta.ltd. Should you withdraw your consent, the company will inform marketing partners to stop their marketing communications to you as soon as we receive your request.

7 Data transfers to third countries

The company may share your personal data to third parties located outside of the European Economic Area (EEA); we will always ensure a similar degree of protection when transferring personal data outside the EEA, using measures such as transferring to countries deemed to hold an adequate level of data protection by the European Commission, and/or Standard Contractual Clauses issued by the European Commission and any additional measures if required.

8 For how long do we keep your data?

After the closure of any account, the company retains certain elements of personal data for a period of up to 10 years to meet our legal obligations towards Anti-Money Laundering and Countering Finance of Terrorism, Company and Taxation record-keeping obligations.

Specifically:

A. For up to one (1) year from last activity: Details of your visits to the site, including but not limited to traffic data, site information, weblogs, and other contact information; Telephone calls to and from our Customer Service Department;
B. For up to five (5) years from last activity: Personal identification and communication details provided, contact information through the website, email, telephone, or other media;
C. For up to ten (10) years from last activity: Elements of transactions, including financial accounts information that you may provide us, made through the website, telephone, or other media.

We will also keep personal data for the purpose of presenting and processing in case of a litigation or a legal process which you, the relevant authorities or us may be party to, due to our provision of services to you.
If your account, in any of the above cases is not active, then we will not process the data further except for complying with the above legal obligations.
All this information is stored in accordance with this Privacy Notice.

9 Your Rights

You have the right to:

a. access to the personal information provided by you;
b. request rectification of personal data that you consider incorrect;
c. request for restriction of processing of data;
d. request erasure of data;
e. file an objection about processing of your data;
f. request to export your data; and
g. be informed about automated individual decision-making, including profiling; and
h. you have the right at all times to object to the processing of your data and to withdraw your consent through your account profile privacy settings.

Your rights may be exercised in accordance with the Law, which might include restrictions on when you can exercise these rights.

You can exercise these rights by accessing your Privacy Dashboard or by contacting us at dataprotection@palasinomalta.ltd.
You have also the right to lodge a complaint with our Data Protection Authority, which is Office of the Information and Data Protection Commissioner, whose website may be found at https://idpc.org.mt/en/Pages/Home.aspx. You may also decide to lodge a complaint with your local Data Protection Authority. You may find a list with your local Data Protection Authority contact details at https://edpb.europa.eu/about-edpb/board/members_en.

10 Changes to this Privacy Notice

Any changes we may make to our Privacy Notice in the future will be published from this page on the site and will be effective from the time of their posting. You can request previous versions of this document by sending us an email at dataprotection@palasinomalta.ltd.

Version 1.0 of the 01.01.2022