Privacy Notice
Last revised: 23.05.2024
1. RESPONSIBILITY FOR THE PROCESSING OF PERSONAL DATA
This is the Privacy Notice for the joint controllership between BML Group Limited, a Maltese company having its registered address at Betsson Experience Centre', Ta' Xbiex Seafront, Ta' Xbiex, XBX 1027, Malta, and BHG LLP, a Kazak company having its registered address at Almaty, Konaev, Saken Seifullin st. 14/2, (hereinafter: “Betsson”, “We” or “us”). In this respect We have concluded a legally binding agreement as per Article 26 of the GDPR. The essence of this arrangement is reflected in this Privacy Notice.
In this joint controllership relationship, We acknowledge the applicability of two distinct legal frameworks governing personal data protection: the General Data Protection Regulation (GDPR) 2016/679 and the Law of the Republic of Kazakhstan on Personal Data and Its Protection No. 94-V dated 21 May 2013 (PDP Law) (hereinafter referred to collectively as “applicable law"). We are committed to ensuring compliance with all applicable requirements under both frameworks, thereby safeguarding the privacy rights of data subjects and fostering transparency and accountability in our data processing practices.
Betsson’s Services are not intended for minors and We do not knowingly collect personal data relating to minors. In the event that We become aware that a minor has provided Betsson with any information, We may discard such information unless it is required to comply with any legal or statutory obligation binding upon Us. If You have reason to believe that a minor has provided Us with personal data, please contact Us at the details set out in Section 2 below.
2. CONTACT US
Personal data means any information that can directly or indirectly identify an individual, including any information that consitutes personal data within the meaning of applicable privacy Laws.
We process personal data of visitors to Our website, users of Our mobile applications, and participants in Our iGaming services. We also process personal data of individuals who contact Us, follow Us on social media, request to be kept informed about Our Services, or with whom We otherwise have a relationship.
We receive the personal data either when You register with Us, when You provide data, or any other time You communicate with Us. We also collect and analyse data regarding Your gaming behaviour in order to ensure compliance with the terms and conditions, monitor the integrity of wagering activity, and to meet Our responsible gaming, anti-money laundering, and other legal obligations. We also receive data from third parties, such as providers of Know Your Customer services, that help Us to comply with Our legal obligations.
We also collect certain information about Our customers and visitors to Our website using cookies and other tracking technologies. For further information about cookies, which cookies We use, why We use cookies, and how You can control which cookies are used, please read Our Cookie Policy.
Below is an overview of the categories of personal data We process and examples thereof :
Categories of personal information
Examples
Identifying data and contact details
Legal name and surname
Date of birth
Gender
Address (house/apartment number, city, province/state, country, postal/zip code)
Contact details (telephone number, e-mail address)
A code that is uniquely linked to You as a player
Account details
User name
Password
Location and related geolocation information
Language preferences
Payment details
Name, address and account number
Payment type (debit card, credit card, e-wallet, etc.)
Information relating to a transaction e.g, currency, location, value, IP
Information relating to playing behaviour and (placed) bets
Games in which You participate including gaming activity and outcomes
Time of play and duration
Play frequency
The indicated limits of playing behaviour (maximum duration, deposits, credit) and adjustments thereof
Exceeding Your game limits
Total monies wagered / won / lost for session and/or period of time
The date and time of past and current bets, and the date and time at which past bets were settled, and information about current bets
Account balance at start and end of session
Deposit and withdrawal history
Bonuses
Possible suspensions from play
Your login history
Information We are required to collect by virtue of Our obligations stemming from anti-money laundering obligations
Identity verification information (e.g., government-issued ID, credit file, utility bill)
Documents evidencing source of wealth / source of funds (e.g. payslip, bank statement)
Bank details for verification of ownership, such as beneficiairy name, account number and billing address
Results from adverse media and sanction screening
Information We are required to collect by virtue of Our duty of care / responsible gaming obligations
Internal and external signs of problematic or addictive behaviour, which may include health data subject to legal limitations
If applicable, data on a player interactions, conclusions thereof and applied intervention measures
Utilisation of responsible gaming tools such as reality-checks; limits (deposit / loss / session / wagering limits); time-out and self-exclusion periods
nformation relating to criminal offences
If applicable, data on criminal behaviour, such as data on an incident where fraud is suspected
Information on Your use of Our website, applications and online user environment
Activities on Our website and in online user environment
IP address
Operating system
Unique identifiers, such as the Android Advertising ID or ID For Advertisers
Information collected by cookies (see also Our Cookie Policy)
Data You actively provide or fill in forms
Data about the device You use to use Our website or online user environment
Correspondence, call recordings and chat recordings
Voice call recordings
Online chat records
Correspondence by mail and email with Our customer service
Complaints
Direct marketing and communication data
Your contact information (telehone number, email address, home address)
Your preferences for receiving direct marketing and/or communication from Us
Information about what type of events You prefer and events which You have attended
Infromation on what type of gifts You prefer and whether You have participated in / received any giveaways
nformation obtained from third parties and public sources
Information obtained from KYC, identity verification providers and credit bureaus
Information obtained from adverse media and sanction screening providers
Information derived from centralized self-exlcusion registers allowing players to take a break from all regulated iGaming services
4. PURPOSE AND AUTHORITY FOR PROCESSING PERSONAL DATA
Purpose & basis
Examples
Customer registration
Basis: necessary for performance of Our Agreement with You
Assess Your eligibility for account creation
Check if You are registered in centralized self-exclusion registers (where applicable)
Check validity/accuracy of Your data
Create new player accounts
Process and record the data You provide via Our website
Processing changes to Your profile
For brands where You can deposit using Bank ID or similar electronic identification methods, You authorise Us to receive Your personal data through such electronic identification system that We collect and use to verify you and to open/set up your account. Once you are successfully verified via Bank ID, the required personal data will be automatically inputted into your profile.
Verifying Your identity and whether You are of age
Basis: to comply with a legal obligation imposed upon Us
Checking Your identification information against publicaly available sources and/or documents provided by You
Enabling participation in Our igaming offering
Basis: necessary for performance of Our Agreement with You
Monitoring and detecting the location of customers
Processing and managing payment transactions
Enforcing Your set limits
The correct display of our website or applications using information about Your device
Facilitating Your preferences, such as displaying the website or application in the correct language and remembering Your password
Sending service messages
Sending in-app/on-site messages which can only be seen by logged-in users and are not based on any user characteristics / activity, but are common for all users
Maintaining contact with You
Answering Your questions / reuquests (to customer service or otherwise) and handling complaints via Our complaints process
To prevent and/or combat excessive participation and gambling addiction
Basis: to comply with legal obligations imposed on Us
Collecting, analysing and recording Your gaming data, transaction data, and other relevant data such as communications in order to perform a risk assessment
Carry out customer interactions
Action requests relating to the use of the responsible gaming tools (limits, time-outs, self-exclusion)
Providing Your data to third parties, such as the competent authorities, if there is a legal obligation to do so
Fighting fraud and preventing money laundering and terrorist financing
Basis: to comply with a legal obligation imposed on Us
Verify Your identification information through publicly available sources and/or other relevant documents provided by You
Verify Your payment account and authorization
Establishing Your sources of wealth / source of funds
Checking Your PEP / sanction status
Creating a risk profile
Reporting of unusual transactions
Providing Your data to third parties, such as the competent authorties, if there is a legal obligation to do so
Investigating and reporting suspicious (gambling) activities
Basis: to comply with a legal obligation imposed on Us
Preventing, detecting and investigating suspicious betting activities (e.g. match fixing), and reporting such activities to the competent authorities.
Enforcement of the rules of a sport or game and/or prevention and detection of crimes
For the development and improvement of Our business operations, products and services
Basis: legitimate business interest
Collecting statistical data on the use of Our website and services, with or without cookies
Storing customer service enquiries to better assist You later and to improve Our services
Conducting market research and surveys to evaluate customer experience and identify how We can improve Our Services. We will always notify You whether the survey is anonymous or otherwise. You can object to this kind of processing
The use of Business Intelligence software to improve Our operations
For communication, promotion and marketing purposes
Basis: consent
To inform You as a registered player about Our products or services that might be of interest to You, via e-mail, telephone, SMS and/or via direct messaging on social media, if You have given Your consent
Push notifications (app and/or desktop)
Enrichment of personal data
Handling requests for objection to direct marketing
To provide a personalised experience
Basis: legitimate business interest
Provide personalised game recommendations / promotions to logged in users, based on information on Your use of the Services, including game history, unless You indicate that You do not wish to receive such personalised recommendations
VIP loyalty programme
Basis: necessary for performance of Our Agreement with You
Managing VIP accounts
Providing tailor-made and rapid assistance
Providing personalised offers/rewards subject to Your consent
To ensure the security and stability of Our services and IT systems
Basis: legitimate business interest
Monitoring of IT systems
Conducting internal audits and investigations
Detection of third party software in Our games of chance/iGames/sweepstakes
Detecting activities in violation of Our terms and conditions
Legal protection
Basis: legitimate business interest
Protecting and enforcing Our rights and defending Ourselves in any proceedings
5. MARKETING
Betsson and Our appointed third party service providers use Your personal data, such as Your name, home address, email address, telephone number, and other relevant information for promotional purposes concerning the Services which We believe may interest You. You must opt-in to receive direct marketing of bonus promotions and other inducements to use Our Services. You may opt-out from receiving marketing from Us at any time, and free of charge, by following the instructions provided on the marketing communications, such as selecting the unsubscribe button within promotional emails, via the “Marketing Settings” page on Your account, or by contacting Our Customer Support. We will comply with Your request as soon as it can be processed. Please note that even if You opt-out of Our mareting mailing list, You will continue to receive service-related updates as per Our legal obligations and/or Our Agreement with You. Also, all changes to email preferences may take up to 24 hours to take effect. You may control Your exposure to Our advertising on social media through the settings offered on the respective third party platforms:
- You can manage the settings for advertising preferences in Your Facebook account or at https://www.facebook.com/ads/preferences;
- You can manage the settings for advertising preferences in Your Twitter account or under https://twitter.com/personalization;
- You can manage the advertising and general settings in Your YouTube account under https://www.youtube.com/account;
- You can manage the settings for advertising preferences in Your Instagram account or under https://www.instagram.com/accounts/privacy_and_security/.
6. RECIPIENTS OF YOUR PERSONAL DATA
For the purposes described in this Privacy Notice, including business and operational purposes and well as for fulfilling Our legal obligations (such as anti-money laundering and responsible gaming), Betsson may share Your personal data with other Betsson Group entities to enable cross-network exclusions and similar measures, on the basis of Our intra-group data processing agreements, and/or subejct to Your consent, as may be applicable.
In some cases, We are required by law to share Your personal data with government entities, law enforcement, regulators, and sports governing bodies (where there are reasonable grounds to suspect that you may be involved in a breach of sport integrity rules or the law, have knowledge of a breach of such rules or the law or otherwise pose a threat to the integrity of the relevant sport or game) for the purpose of combating gambling addiction, enforcing sport integrity, and preventing or investigating potential criminal activity. We may also be required to share Your personal data in response to any court subpoena, order or similar official request. In certain cases, relevant laws may oblige Us to disclose Your personal data to financial institutions such as banks and insolvency services. These bodies may use Your personal data to investigate and act on any such breaches in accordance with their procedures.
Betsson may engage third parties (data recipients) to process Your data in accordance with this Privacy Notice to provide You with the Services. These parties usually act as processors for Betsson In some cases, these parties act as joint or independent controllers. This is, for example, the case for payment service providers and social media platforms. In such cases, the privacy statement of the third party in question will apply. We shall only share Your data with these providers subject to appropriate agreements. Categories of recipients with whom We share personal information are:
- Gaming and software providers;
- Risk management providers;
- Third-party vendors that provide technical support and help Us maintain Your account with Us;
- Analytics and search engine providers that help Us improve and optimise Our website;
- Suppliers for communication purposes, such as Our marketing platforms and providers of mobile communication services for telephony and SMS;
- Partners who carry out surveys and market research on Our behalf;
- Interactive media platforms (such as social media platforms);
- Organisations that enable Us to provide relevant advertisements on third party websites and platforms that You visit;
- Payment service providers and payment facilitators;
- Cloud service providers;
- Anti-fraud, risk and compliance service providers (such as know Your customer (KYC) providers, credit reference agencies);
- Providers of information verification services to validate the information You provide to Us;
- Providers offerring professional support for at risk users;
- Professional advisers such as lawyers, accountants, consultants and insurers, who provide Us with legal, advisory and insurance services;
- Other partners who help Us create a better experience for You.
We may transfer some or all of Your personal data with any subsequent owner, co-owner or operator of the service and their advisors in connection with a corporate merger, consolidation, restructuring, the sale of substantially all Our stock and/or assets, or in connection with bankruptcy proceedings, or other corporate reorganisation. Alternatively, We may seek to acquire other businesses or merge with them. In the event of a change to Our business, We will inform You in accordance with applicable law.
While using the services You may find links to third-party websites/applications (for example social media platforms). Please note that this Privacy Notice does not apply to such third-party websites/applications. In order to find out more about processing of Your personal data by these third-party websites/applications, We instruct You to carefully read their privacy statements and the terms of use before using their services.
7. TRANSFER OF PERSONAL DATA TO OTHER COUNTRIES
Our company firmly adheres to the principle of safeguarding personal data privacy by abstaining from any international transfer of such data unless compelling grounds necessitate otherwise. We prioritize the retention of personal data within the confines of the respective country or jurisdiction where it originated, ensuring stringent compliance with local regulations and standards governing data protection. Any potential transfer beyond borders is contingent upon the presence of robust justifications, such as explicit consent from the data subjects, contractual obligations, or other safeguards as required per applicable law, meticulously evaluated to ascertain the necessity and legitimacy of such actions. This underscores Our dedication to maintaining the integrity and confidentiality of individuals' personal information, thereby fostering trust and confidence in our data handling practices.
8. RETENTION OF YOUR PERSONAL DATA
Betsson will not retain Your personal data longer than necessary for the purposes for which it is collected or processed, unless longer retention is required by law. If Your personal data is no longer necessary for Us, We will securely delete the relevant personal information or anonymise it.
The necessary retention period is determined by various criteria inlcuding the nature of the data, purpose of the processing, the legal basis, whether there are any applicable legal obligations or industry codes of conduct, and other factors.
We will keep Your personal information for as long as Your account is active to be able to offer you Our Services. If Your account is closed (by Yourself or by Us), we will retain all Your personal data to the extent necessary to comply with Our legal obligations such as applicable tax/revenue laws, AML, gaming laws and other applicable regulatory requirements as well as to resolve any potential legal disputes as per Our data retention policies. Since retention periods are jurisdiction specific, for further information about the data retention terms relevant to Your jurisdiction, please contact Our data privacy team at [email protected].
9. AUTOMATED INDIVIDUAL DECISION-MAKING
In the cases described below, Betsson uses fully or partially automated decision-making to take any necessary decisions / actions in accordance with applicable law:
- We use automated tools to check against sanction / adverse media lists and any centralized self-exclusion schemes (where available), in accordance with Our legal obligations under relevant legislation to take necessary anti-money laundering and responsible gaming measures.
- We analyse Your transactions and gaming behaviour in order to establish a risk profile in accordance with Our legal obligations and licensing requirements to take measures to identify and investigate suspected illegal or fraudulent activities in connection with the Services, including money laundering, terrorist financing and fraud.
- In accordance with Our licensing obligations, We are required to monitor users who are experiencing or at risk of developing an addiction. Therefore, We conduct player risk assessments by analysing behaviour, transactions, usage patterns and other data such as communications. Furthermore, Our tools assess whether any limits set by players have been reached.
- We analyse Your playing patterns and activities to investigate and identify possible issues related to integrity, malpractice, and other serious inappropriate behaviour in sport, such as match-fixing.
- We process data about Your activities and play behaviour in order to monitor compliance with Our Terms and Conditions and internal policy documents.
- We will assess Your eligibility for VIP status by analysing Your transaction and game history.
- Based on information on Your use of the Services, including Your game history, We will provide You with tailored recommendations / promotions unless You object to such processing by indicating Your preferences in Your account or by contacting Us.
Please note that any decision with a legal or material impact on You will not be taken without human intervention, unless it is (i) permitted by law,(ii) necessary for the performance of Our Agreement with You, or (iii) based on Your express consent. In decisions made based on provisions (ii) and (iii), above, You have the right to request a new (manual) assessment by a Betsson employee (right of human intervention).
Betsson’s systems are tested on a regular basis to ensure fair, effective, and unbiased operation. We cannot disclose detailed information about Our detection systems, in particular the logic behind them, as this would harm their operation by allowing users to circumvent these mechanisms, which are aimed at protecting users, Our Company and at ensuring compliance with Our legal obligations.
10. WHAT ARE YOUR RIGHTS?
You have a number of rights with regard to the processing of Your personal data, including:
- Right to obtain confirmation that We are processing Your data and have access to or obtain a copy of the same. Kindly observe that as a general rule, subject to exemptions provided by applicable laws, We reserve the right not to disclose:
- Information which is likely to prejudice either an internal ongoing investigation (for example in relation to fraudulent behaviour, bonus abuse etc.) or one conducted by the relevant authorities in relation to other offences;
- Our AML/ATF and RG risk assessments and monitoring information pursuant to applicable laws, since such disclosure is likely to prejudice the operation of the business by enabling customers to bypass mechanisms specifically set for the prevention and detection of such activities;
- Information relating to ongoing negotiations with customers if such disclosure is likely to prejudice any negotiations to settle disputes/issues;
- Information relating to Our internal processes including customer and risk management procedures which are strictly confidential, and disclosure would disrupt internal business operations;
- Information including third party personal data since such disclosure may adversely affect the rights and freedoms of the third parties in question; and
- Information subject to Legal Professional Privilege (LPP).
- Right to request correction or completion of Your incorrect or incomplete personal data to the extent allowed by law. Betsson takes all reasonable measures to ensure Your personal data is accurate, complate and up to date. If You believe that the personal data We hold about You is inaccurate, incomplete or not current, You must either update the information from the “My Account” section on Your profile or contact Us immediately and We will correct the information if We are satisfied that a correction is required;
- Right to erasure where:
- Your personal data are no longer necessary for the purposes which they were collected;
- The lawful basis for processing is consent and You withdraw your consent;
- You object to processing based on legitimate interests and there is no overriding interest to continue processing;
- Data processing is done for direct marketing purposes and You object to such processing;
- Data processing is unlawful; or
- Personal data must be erased for compliance with a legal obligation.
Kindly note that right to deletion is not absolute and may be limited, for example, due to Our legal obligations, or for the establishment, exercise or defence of legal claims. This means that We will not be able to exercise erasure in relation to personal data that We need to keep as per Our data retention policies.
- Right to restrict processing where:
- You have asked Us to rectify your data and We are in the process of verifying the accuracy of such data;
- Personal data processing has been unlawful and ask for restriction instead of deletion;
- Your personal data is no longer needed for the Services but you request Us to retain it in order to establish, exercise or defend a legal claim; or
- You have objected to Our processing of your data based on legitimate interest and We are evaluating whether Our legitimate interests override yours.
Kindly observe that your data will be stored for the time of restriction and shall be processed only if You gave your consent or in order to establish, exercise or defend legal claims, protect the rights of another natural or legal person and for the reasons of important public interest;
- Right to data portability i.e. right to transmit personal data you have provided Us with in a structured, commonly used and machine-readable format to another controller where the processing is based on consent or contract and carried out by automated means;
- Right to object where processing is based on legitimate interests, tasks carried in public interest and/or where your personal data are processed for direct marketing purposes, including profiling for these purposes. Whilst the latter is an absolute right, the first will require a balance assessment of your interests, rights and freedoms against Our legitimate interests;
- Right to obtain human intervention, express Your point of view and contest the decision where it is based on solely automated decision making, including profiling, which produces legal effects concerning You or similar significant effects.
Please note that you can assert your data subejct rights against any controller, however, we have set up [email protected] as the central point of contact. We will respond to any of your requests about your rights within a reasonable timeframe (this period may be further extended in line with the applicable law).
Finally, please note that you have a right to lodge a complaint to a supervisory authority in the Member State of your habitual residence, place of work or place of alleged infringement.
11. PROTECTION OF YOUR PERSONAL DATA
We take appropriate measures to prevent abuse, loss, unauthorised access, unwanted disclosure, and unauthorised modification of personal information. For example, We use secure network connections, firewalls, encryption, and anonymise data where possible. However, You acknowledge that no method of transmission over the Internet, nor any method of electronic storage, is 100% secure. We do Our best to protect Your personal data, but We cannot guarantee its absolute security. Betsson’s employees, agents, and contractors have restricted access to personal information to a need-to-know basis subject to confidentiality agreements.
In order to protect Your account, You are ultimately responsible for maintaining Your username and password confidential and secure. We will never ask You for Your password except when You log in to Our website and enter Your password at which time it is encrypted. If You become aware of any unauthorized access to or use of Your account, You are required to notify Us immediately. Where Our mobile application(s) require biometric authentication, Your credentials will be securely encrypted by and stored on Your device. They will not be stored in Our mobile application(s) nor held or accessed by Us in any way. We will only know whether You have been successfully identified or not. Please note that if You store fingerprints of other persons on Your device, those persons will also be able to access Our mobile application(s) via fingerprint when fingerprint is enabled.
We have adopted procedures to deal with any actual or suspected breach of security safeguards involving personal data. Unless otherwise prohibited by applicable law, We will promptly notify You in the event of a breach which could reasonably result in a real risk of significant harm to You. We will also report any such breach to the competent authorities as required by applicable laws, and keep a record of any such breach to the extent required by applicable laws.
12. CHANGES TO THIS PRIVACY NOTICE
We reserve the right at Our discretion to change or modify Our Privacy Notice from time to time. To the extent that the Privacy Notice or sections thereof are subject to a material change, We shall inform You of such change through reasonable measures including email or notice on the webiste and require re-acceptance of the Privacy Notice. Otherwise, all other changes to this Privacy Notice are effective as of the stated “Last revised” date, and Your continued use of the Services after the Last revised date will constitute acceptance of, and agreement to be bound by, those changes.