OWNER AND DATA CONTROLLER
iGaming Idol Ltd.
Elite Business Centre
Trejqa ta’ Box Box
Msida MSD1840, Malta
Tel: +356 7961 7657
VAT: MT 23548810
Reg: C 76829
Owner contact email: firstname.lastname@example.org
When you provide your Personal Data to a third party, you are passing such data to either a controller or a processor.
A Controller of your Personal Data is an individual or a company who has the power to determine the exact uses of the Personal Data you have supplied to him. On the other hand, a Processor is a third party who is processing and thus utilising your Personal Data on behalf of a controller.
TYPES OF DATA COLLECTED
Among the types of Personal Data that this Website collects, by itself or through third parties, there are:
- Usage Data;
- email address;
- first name;
- last name;
- company name.
Personal Data, after consent is explicitly given by the data subject, may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Website.
Users are responsible for any third-party Personal Data obtained, published or shared through this Website and confirm that they have the third party’s consent to provide the Data to the Owner.
MODE AND PLACE OF PROCESSING THE DATA
Methods of processing
The Owner is committed to take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
Legal basis of processing
The Owner may process Personal Data relating to Users if one of the following applies:
- Under Article 6 (a) of the GDPR, the data subject has have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to the General Data Protection Regulation;
- Under Article 6(b) of the GDPR, the provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- Under Article 6(c) of the GDPR, processing is necessary for compliance with a legal obligation to which the Owner is subject;
- Under Article 6(e) of the GDPR, the processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
- Under Article 6(f) of the GDPR, the processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The Data is processed at the Owner’s operating offices and in any other places where the parties involved in the processing are located.
Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data. We shall only transfer data to countries where the EU Commission has decided that the receiving country has an adequate level of date protection.
If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for; however the data will not be kept for longer than is necessary.
- Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
- Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.
The Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, all Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
If a User is subscribed to our newsletter, the Owner shall retain the email address until they unsubscribe from such service.
THE PURPOSES OF PROCESSING
The Data concerning the User is collected to allow the Owner to provide its Services, as well as for the following purposes: Analytics, Interaction with external social networks and platforms and Contacting the User. This data is also used to generate usage statistics to be able to improve and further develop this website.
Users can find further detailed information about such purposes of processing and about the specific Personal Data used for each purpose in the respective sections of this document.
DETAILED INFORMATION ON THE PROCESSING OF PERSONAL DATA
Personal Data is collected for the following purposes and using the following services:
The services contained in this section enable the Owner to monitor and analyse web traffic and can be used to keep track of User behaviour.
Google Analytics (Google Ireland Limited)
Google Analytics is a web analysis service provided by Google Ireland Limited (“Google”). Google utilizes the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Personal Data collected: Cookies; Usage Data.
- Contacting the User
Mailing list or newsletter (this Application)
By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Application. Your email address might also be added to this list as a result of signing up to this Application or after making a purchase. We shall retain your email address until you unsubscribe from our newsletter.
Personal Data collected includes company name; email address; first name; last name.
- Interaction with external social networks and platforms
This type of service allows interaction with social networks or other external platforms directly from the pages of this Application.
The interaction and information obtained through this Application are always subject to the User’s privacy settings for each social network.
This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
It is recommended to log out from the respective services in order to make sure that the processed data on this Application isn’t being connected back to the User’s profile.
Google+ +1 button and social widgets (Google Ireland Limited)
The Google+ +1 button and social widgets are services allowing interaction with the Google+ social network provided by Google Ireland Limited.
Personal Data collected: Cookies; Usage Data.
LinkedIn button and social widgets (LinkedIn Corporation)
The LinkedIn button and social widgets are services allowing interaction with the LinkedIn social network provided by LinkedIn Corporation.
Personal Data collected: Cookies; Usage Data.
THE RIGHTS OF USERS
Users may exercise certain rights regarding their Data processed by the Owner.
Users under Chapter 3 of the GDPR have the following rights:
- Right to information
This right provides the data subject with the ability to ask a company for information about what personal data is being processed and the rationale for such processing.
- Right to Access
Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Right to Rectification
Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
- Right to erasure (‘right to be forgotten’)
Users have the right to obtain the erasure of their Data without any undue delay if any of the following conditions are met:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
- the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
- Right to Data Portability
Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof. This right shall not adversely affect the rights and freedoms of others.
- Right to Object
Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- Right to Withdraw Consent
Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data. The request would then require the company to stop the processing of the personal data that was based on the consent provided earlier.
- Right to object to automated processing
This right provides the users with the ability to object to a decision based on automated processing. Using this right, a user may ask for his or her request to be reviewed manually, because the user believes that automated process may not consider their unique situation.
- Right to Complain
Users have the right to bring a claim before their competent data protection authority.
Details about the right to object to processing
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and without any undue delay.
ADDITIONAL INFORMATION ABOUT DATA COLLECTION AND PROCESSING
The User’s Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Website or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
Additional information about User’s Personal Data
System logs and maintenance
For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website use other Personal Data (such as the IP Address) for this purpose.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
How “Do Not Track” requests are handled
Secure Sockets Layer (SSL)
Our website uses Secure Sockets Layer (SSL) to ensure secure transmission of the User’s personal data. The User should be able to see the padlock symbol in the status bar of the browser’s address field. The URL address will also start with “https://” clearly indicating a secure webpage.
SSL applies encryption between two points, in this case the User’s PC and the connecting server. Any data transmitted during the session will be encrypted or scrambled and then decrypted or unscrambled at the receiving end. This will ascertain that data cannot be read during transmission.
Any data breaches shall be reported to the ‘Office of the Information and Data Protection Commissioner’ (Supervisory Authority in Malta) within 72 hours of the owner becoming aware of such a breach.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.