Contents
1. Introduction
2. Compliance with data protection requirements
3. Identification of Controller
4. Lawfulness of Processing – Legal basis
5. Consequences of you not providing the personal data we need
6. Legal basis for Special Categories of Personal Data
7. Categories of personal data
8. Purposes for our processing of data
9. Recipients of your data
10. International transfers
11. Retention period
12. Supervisory Authority
13. Data Subjects’ Rights
14. Data Protection Officer (“DPO”)
Pikakasino as part of the Play North® Group (the “Casino”) processes a wide range of Personal Data in relation to its users of the online services and service providers. The Casino is committed to comply with the rules and requirements regarding the Processing of Personal Data under applicable data protection legislation.
The European Union Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”) and all the applicable national data protection laws, such as the Estonian Personal Data Protection Act and the Estonian Personal Data Protection Implementation Act, the Finnish Data Protection Act, the Dutch GDPR Implementation Act or the Maltese Data Protection Act (“DPA”) apply to the processing operations of the Casino.
The EU Directive 2002/588/EC of the European parliament and of the Council of 12 July 2002 concerning the Processing of Personal Data and the protection of privacy in the electronic communications sector (“ePrivacy Directive”) as implemented into national law, imposes special rules and requirements in respect of storing of information into end users’ terminals (e.g. cookies) and direct marketing.
This Pikakasino Privacy Policy (hereafter the “policy” or “Privacy Policy”) applies to the Casino as a whole and may be subject to review annually or as so required.
Definitions of this policy are the same of GDPR and Directive 2018/1972. Capitalized terms shall have the same meaning as uncapitalized, masculine includes feminine and vice versa, singular includes plural and vice versa.
In order to be able to demonstrate compliance with the applicable laws, the Casino has to adopt and maintain internal polices and implement measures which meet the principles of data protection established by data protection legislation.
Play North® LTD, having Maltese company number C86563 is your data controller (“Controller” or “we”). Play North® OÜ, having Estonian company number 12767675, and Play Services B.V., having Dutch company number 83631119 are your data processors.
The Controller must process data in a legal manner which also means that we need a basis for processing your data. The legal basis that we use are listed below:
a) Legal Obligation: this applies every time a law or a regulation binds us to process your data.
b) Contract: when using our services you are agreeing that we process your data to participate in the games of chance. This is a contract that you have with us which consists of the terms and conditions available on our website.
c) Legitimate interest: from time to time we may elect to process your data for generic purposes. In such cases we will balance your rights and freedoms and those of others so that the outcome is the most legitimate as possible.
d) Consent: when you agree to a specific processing with a written affirmative declaration and in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.
e) Public interest: in certain cases (such as the Maltese Prevention of Money Laundering and Funding of Terrorism Regulations) we must pursue the common good and process your data to achieve that goal.
In case you decide not to give the data that we need to fulfill our legal obligations or to enter into a contract, you will not be able to play with us.
In case of consent, there is no negative consequence for your refusal, and you can withdraw it at any time.
In the context of the “special categories of Personal Data” in terms of Article 9 of the GDPR, we process data on customer health, or which might reveal racial or ethnic origin, political opinions, religious beliefs, biometric data. The grounds on which we may process such special data could be:
a) Processing relates to Personal Data which are manifestly made public by the Data Subject;
b) Processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
c) processing is necessary for reasons of substantial public interest
In the course of our business, we will collect personal data about you such as:
a) Customer’s details such as full name, date of birth and nationality;
b) Contact details (address, telephone, email);
c) Identification documents (identity card, driving licence, passport);
d) Health data (for responsible gaming);
e) Tax identification number;
f) Bank details (IBAN);
g) Payment transactions data (deposits, withdrawals);
h) Gaming transactions data;
i) IP address;
j) Browser data;
k) Recorded phone calls.
We may obtain some of this data from the financial institutions that you have used to log in or other third parties. You can write to the DPO for more information.
We need data for our business and to offer you the best participation in the remote games of chance. In order to stand out from the crowd we process your data to:
a) provide, operate and maintain our services.
b) offer you first-class customer service and help you register, operate and manage your account.
c) maintain your personal account.
d) Address gaming addiction and promote responsible gaming.
e) analyse customer trends with market studies.
f) contact you directly or through our associated companies. This communication includes customer service and update, change and other service-related notifications.
g) process your bets and transactions
h) send you text messages, e-mails, direct mail, push notifications and active and upcoming marketing campaigns. You can choose to opt out at any time.
i) investigate and prevent fraud and money laundering and other unlawful activities.
We may share your data with companies within the Play North® group and with our business partners as stated below. Relevant authorities, regulators, law enforcement agencies may request some data and we are obliged to disclose them. The Controller’s employees are also able to access your personal data in order to do their work and to provide you with assistance/customer service.
We may share the collected information for the following reasons:
a) We may share information with third-party service providers and suppliers who provide services or products on our behalf.
b) We use analytical software, such as Google Analytics, to track our business. Google Analytics uses cookies to collect information, but it cannot be used to identify the individual. You can read more about their cookie policy here.
c) The information may be shared or transferred to third parties in the event of mergers and acquisitions, bankruptcy or other similar transaction.
d) We use business partners (affiliates) in our marketing, who may advertise our services to you.
e) Payment service providers and other financial institutions
f) Responsible gaming service providers
At the moment we do not send your personal data outside the EEA. However, if we do this in the future, we will update our Privacy policy and notify you accordingly.
We will process your data for the entire duration of your contract with us (for as long as you have an account on our Casino). After the closure of your account, we will retain certain data as long as it is required by the law or according to the limitation periods for a civil lawsuit in our relevant jurisdiction.
Certain other data are stored for a shorter time according to the specific sectorial obligations (telecommunication law).
Our main establishment is in Malta, therefore our lead data protection authority is the Information Data Protection Commissioner. However, a complete list of Authorities can be found here.
We have to facilitate the exercise of your rights under Article 15 – 22 of the GDPR, namely,
a) You have the right to access your data;
b) You have an absolute right to have your data updated and corrected;
c) Under certain conditions you have the right to ask us to delete your data - Right to be Forgotten;
d) In certain cases you can restrict the processing of your data;
e) You can receive your structured data in .csv format; and
f) When we use legitimate interest you can object and stop us (this can always happen for marketing).
We are prohibited from making a decision that has a legal effect regarding you solely based on automated Processing, including profiling. You can make sure of this at any time.
In cases where Personal Data are processed based on consent, you have the right to withdraw your consent at any time.
We have appointed a DPO. Our DPO is your best friend for any queries or claim you might have. We strongly encourage you to contact our DPO whose details are as follows:
DPO@ pikakasino.com
DPO, Play North® Limited, Level 1, The Centre Tigne Point, Sliema, TPO 0001 Malta