GGPoker is concerned with protecting the privacy of any Personal Data that you may choose to provide to us (“Personal Data”). GGPoker will ensure that the Processing of your Personal Data is compliant with the General Data Protection Regulation, (“GDPR”), (Regulation (EU) 2016/679). Accordingly, GGPoker issues this Policy to inform you of our use of your Personal Data.
This Policy applies to the company and its directly or indirectly controlled wholly-owned subsidiaries conducting business within the European Union (EU) European Economic Area (EEA) or processing the Personal Data of Data Subjects within EU/EEA.
1.2 GGPoker collects, Processes, and retains Personal Data and ensures that the below steps are taken by us to protect such Personal Data.
The following terms “Anonymisation”, “Controller”, “Processor”, “Data Subject”, “Data Portability” “Personal Data”, “Processed/Processing”, “Pseudonymisation”, “Cross-Border processing of Personal Data”, “Supervisory Authority” used in this document shall have the same meaning as in the GDPR:
“Group” means the NSUS group companies, namely GGN Europe Limited (Malta), NSUS Limited (Ireland), NSUS Group Inc. (Canada) and, NSUS LAB Korea (South Korea).
“You” means the player, the ‘Data Subject’ who is using the services of GGPoker.
“Visitor” means an individual other than a user, who uses the public area, but has no access to the restricted areas of the Site or Service.
This Policy is based on the following GDPR principles:
- The Processing of Personal Data shall take place in a lawful, fair and transparent way;
- The collection, processing and retention of Personal Data shall only be performed for specified, explicit and legitimate purposes and no further processing will take place which is incompatible with those purposes;
- The collecting and retaining of Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purpose for which they are Processed;
- The Personal Data shall be accurate and where necessary, kept up to date;
- Every reasonable step shall be taken to ensure that Personal Data that is inaccurate having regard to the purposes for which they are Processed, are erased or rectified without delay;
- Personal Data shall be kept in a form which permits identification of the Data Subject for no longer than it is necessary for the purpose for which the Personal Data is procured
- All Personal Data shall be kept confidential and stored in a manner that ensures appropriate security;
- Personal Data shall not be shared with third parties except when necessary in order for them to provide services upon agreement in which case the Data Subject;
- Data Subjects shall have the right to request access to and rectification or erasure of Personal Data, or restriction of Processing, or to object to Processing as well as the right of Data Portability.
- The Information we collect:
2.1 As part of providing you with the Services, we collect your Personal Data on registering an account. We collect, use, store and transfer the following kinds of Personal Data about you:
- first name
- email address
- mobile number
- date of birth
- government ID information
- electronic location information and electronic device information – this covers passport/license, MAC address and IP address
- Information of income in order to verify affordability levels of the player, if the player meets such thresholds which require the Company to conduct affordability check for the player
2.2 As part of providing you with the Services, we also collect information about the transactions you undertake, including details of payment cards used, details of the games you played and underlying gaming transactions.
2.4 We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
- How we will use your Personal Information
3.1 When providing our Services we ensure that we collect, retain and process your Personal Data in accordance with the GDPR. We have set out below, in a table format, a description of how we will use your personal data and the lawful basis we rely on to do so.
|To set-up, administer and manage your account and records (including processing deposits and withdrawals)||Performance of a contract with you.|
|To provide the Services (including allowing you to wager and play our games)||Performance of a contract with you.|
|To personalise the Services||Necessary for our legitimate interest (to offer incentives, such as bonuses and promotions to increase player engagement).|
|To receive and respond to your communications and requests||Performance of a contract with you, if communication relates to the use of our services.
Necessary for our legitimate interest (manage our relationship with you and keep our records updated).
|To fulfil our regulatory obligations regarding your Account, including by verifying the accuracy of any information you give us||Legal Obligation.|
|To comply with our obligations under Applicable Laws and to Regulators in jurisdictions where we are licensed (including the Malta Gaming Authority)||Legal Obligation.|
|To identify, investigate, and assist with the investigation of, suspected unlawful, fraudulent or other improper activity connected with the Services (including, where appropriate, dealing with requests from authorised entities/Authorities for the sharing of information)||Legal Obligation.|
|To carry out market research campaigns||Necessary for our legitimate interest (to grow our business).|
|To share your information with our professional advisors, such as lawyers and consultants, and online/live event partners||Legitimate interests to obtain professional advice for legal, business needs, and to prevent fraud & cheating|
|To share your information with other members of the Group to receive assistance in providing the services||Legitimate interests to allow us to provide services|
|To comply with any limits, such as deposit, bet/spend/loss limits that you have set||Consent|
|To keep you informed of offers and promotions in relation to our products and services||Consent|
|To ensure we are able to fulfil our regulatory obligations for identity verification, affordability checking, fraud prevention, anti-money laundering, and tracing.||Legal Obligation|
|To record telephone calls to and from, and live chats with, our customer services for security and regulatory purposes||Legal Obligation|
|To ascertain sources of funds and wealth, and to determine the ability to afford the amount you spend||Legal Obligation|
|To monitor gambling patterns and to identify possible responsible gambling concerns||Legal Obligation|
3.2 If at any time you wish us to stop Processing your Personal Data for the above purposes, then you must contact us and we will take the appropriate steps to stop doing so. Please note that this may mean that your Account will be closed. You may contact us by [email protected]
3.3 To ensure a good quality of service we may monitor any communication you have with us whether in writing or by electronic mail or telephone calls (“recordings”). Any recordings remain the property of GGPoker and will be used only for the purposes mentioned above.
3.4 We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for new purposes is compatible with the original purpose, please contact us.
3.5 In the event that we need to use your Personal Data for an unrelated purpose, then we will notify you by a Privacy Notice whereby we will inform you of the changes and seek any additional consent that may be required.
- Disclosing your Personal Information
4.1 We may disclose your Personal Data to the following third parties:
- Any company within our Group (including to its employees and subcontractors) which assists us in providing the Services or which otherwise has a need to know such information;
- Any third party which assists us in providing the Services, including (but not limited to) payment processors and marketing service providers;
- Any third party which can assist us in verifying the accuracy of your Personal Data, including financial institutions and credit reference agencies (a record of the search may be retained by such third party. Security use/plan to use will fall under this category for ID and Document checks
- Any third party who assists us in monitoring use of the Services, including the detection of money laundering or the financing of terrorism, the detection and prevention of fraud and collusion and in respect of safer gambling obligations;
- Any contractors or other advisers auditing any of our business Processes or who have the need to access such information for the purpose of advising us;
- Any law enforcement body which may have any reasonable requirement to access your Personal Data;
- Other online gaming sites, banks, credit card companies, and appropriate agencies, where you are found to have cheated or attempted to defraud us or any other user of our services based on our and other online / live-event operators legitimate interest or legal obligation to prevent fraud and/or cheating;
- Any regulatory body or authorised entity which may have any reasonable requirement to access your Personal Data; and
- Any potential purchaser of GGPoker or any investors in it or in any company within our Group (including in the event of insolvency).
4.2 We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with instructions.
4.3 The Company gives its customers the possibility to make use of “chat rooms” where players can communicate with each other. Whilst we will ensure that the players follow the terms as set in the House Rules, we will not be responsible for any data breaches that might arise from the use of our chat rooms. Therefore, you accept responsibility and under no circumstance shall we be held responsible for any damages that might arise from any breach of data.
- International Transfers
5.1 Companies within our Group and some of our external third parties are based outside the EU/EEA so their processing of your Personal Data will involve a transfer of data outside the EUEEA
5.2 Whenever we transfer your personal data out of the EU/EEA, we ensure a similar degree of protection is afford to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for Personal Data; or
- We will use Standard Contractual Clauses which give Personal Data the same protection it has in the EU.
5.3. In accordance with Art. 45 of GDPR we provide your personal data to our inter-company recipients, other third parties and suppliers in the following countries:
- Canada, based on the adequacy decision of the European Commission of 20 December 2001;
- South Korea, based on the European Commission’s decision of 17 December 2021;
- United Kingdom, based on the European Commission’s adequacy decision of 28 June 2021;
- Switzerland, based on the European Commission’s decision of 26 July 2000
In accordance with art 46 (2) of GDPR we may provide your personal data to our identity verification and mailing system services suppliers, and partners in prevention of fraud/ cheating in the following countries based on Standard Contractual Clauses:
- United States of America.
- Data Subject Rights
6.1 We respect your privacy rights and provide you with reasonable access to the Personal Data that you may have provided through your use of the Services. Under certain circumstances you have rights under data protection laws in relation to your Personal Data.
Your principal rights under the GDPR are:
- the right to access your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- the right to rectification of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- the right to erasure of your Personal Data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- the right to restrict processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims;
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- the right to object to processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
- the right to data portability of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
6.2 If you wish to exercise any of the rights set out above, you may contact us by email: [email protected] We will retain your information for as long as your account is active, as needed to provide you services, or to comply with our legal obligations, resolve disputes and enforce our agreements as described in section 11.
6.3 You may also update, correct, or delete your Account information and preferences at any time by accessing your Account settings page on the ‘My Account’ tab in the Cashier. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period of time, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so. Where appropriate and possible we shall apply Anonymisation or Pseudonymisation to Personal Data to reduce the risks to the Data Subjects.
6.4 You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
6.5 We may need to request specific information from you to help us confirm your identity and ensure your rights to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
6.6 Should we fail in abiding with the required data protection obligations, you shall have the right of complaint to the Information and Data Protection Commissioner’s Office (IDPC).
- Contacting us
7.1 For full details about GGPoker Group members and where they operate please contact us at [email protected]
- Minors and Children’s Privacy
9.1 Protecting the privacy of minors is especially important. Our Service is not directed to children under the age of 18, and we do not knowingly collect Personal Data from children under the age of 18. If you are under 18 years of age, then please do not use or access the Service at any time or in any manner. If we learn that Personal Data has been collected on the Service from persons under 18 years of age, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 18 years of age has obtained an Account on the Service, then you may alert us at [email protected] and request that we delete your child’s Personal Data from our systems.
10.1 We take appropriate security measures to protect against loss, misuse and unauthorized access, alteration, disclosure, or destruction of your information. GGPoker has taken steps to ensure the ongoing confidentiality, integrity, availability, and resilience of systems and services Processing Personal Data, and will restore the availability and access to information in a timely manner in the event of a physical or technical incident.
10.2 Your winnings and cash-outs are kept strictly confidential, and winnings information is stored in secure operating environments. We do not provide winnings information to any third party unless such information is required to be disclosed by law, regulation or a similar governmental authority.
10.3 No method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, however, we shall ensure that adequate security mechanisms designed to protect Personal Data will be used to prevent Personal Data from being stolen, misused or abused, and to prevent Personal Data breaches. If you believe your Personal Data has been compromised, please contact us at [email protected]
10.4 Although we may allow you to adjust your privacy settings to limit access to certain Personal Data, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users with whom you may choose to share your information. We cannot and do not guarantee that information you post on or transmit to the Service will not be viewed by unauthorized persons. We have taken the necessary steps to protect as much as possible your Personal Data in transit by utilising HTTPS on our Website and TLS 1.2 (a strong protocol), ECDHE_RSA with P-256 (a strong key exchange), and AES_256_GCM (a strong cipher).
- Data Retention
11.1 Personal Data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
11.2 To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
11.3. In terms of personal data that relates to your financial transactions we are obliged by the applicable prevention of money laundering and financing of terrorism laws law to keep your data for five years following termination of the business relationship. The said period may be extended to ten years if and when a competent government authority has required the information to be kept for this extended period for any investigation purposes.
In relation to personal data kept for tax reporting purposes, such as player ID and transaction information, we shall keep the said data for ten years from the last transaction
12. Data Protection Officer/Representative
12.1 Our data protection officer who is responsible for matters relating to privacy and data protection at GGPoker can be reached at: [email protected]
12.2 In accordance with the applicable legal regulations governing the protection of Personal Data, each request/inquiry will be resolved without undue delay and at the latest within 30 days of receipt.
12.3 When contacting and posting such requests, we will invest reasonable efforts to confirm your identity and to prevent unauthorized Personal Data processing.
13.1 As the Company evolves, there may be the need to update this Policy to keep pace with changes to the website, software, services, business and Applicable Laws. We will however, always maintain our commitment to respect the Data Subject’s privacy. We will ensure that we will notify the Data Subjects with any material changes under this Policy by email (the most recent email provided by the Data Subject) or post any other revisions to this Policy along with their effective date, in an easy-to-find area of the website.
This document was updated on January 1, 2023 and is effective from that date.
Contact: Data Protection Officer
Email: [email protected]
Company Address: Level 3 (Suite No: 2386), Tower Business Centre, Tower Street, Swatar, Birkirkara BKR4013