OLYBET WEBSITES PRIVACY NOTICE

1              General

1.1          This website is operated by Olympic Entertainment Group AS (“OEG” or “we”). OEG recognizes the importance of your privacy and is committed to protecting your personal data. This privacy notice (“Notice”) explains the principles on how OEG collects and uses information when you visit the websites: www.olybet.ee and www.olybet.eu(„Websites“) and use any of the gaming services provided on the Websites („Service“).   

1.2          OEG processes your personal data under this Notice and in accordance with applicable legislation, including the General Data Protection Regulation (2016/679) and the applicable national data protection laws of the Republic of Estonia, as applicable towards the personal data controller stated in Section 2 of this Notice.

2              Personal data controller

2.1          For the personal data processing purposes brought out in Section 5 of this Notice, the controller of your your personal data is:

Olympic Entertainment Group AS

Registry code: 14437516
Address: Pronksi tn 19,10124 Tallinn, Estonia
E-mail: [email protected]

3              Data protection officer

3.1          You shall have the right to communicate with OEG’s data protection officer in order to obtain information on the processing of your personal data. OEG’s data protection officer’s contact references are:

Address: Pronksi tn 19,10124 Tallinn, Estonia
E-mail: [email protected]  

4              categories and sources of personal data OEG collects and processes

4.1          Personal data are information that can be used to directly or indirectly uniquely identify, contact, or locate you as a private individual (“Personal Data”). The source of the collected Personal Data depends on how you interact with us. 

4.1.1      Registration data. OEG processes the following Personal Data related to your registration to the Websites: e-mail address, country of residence, phone number, etc. („Registration Data“)

Source: Personal Data you directly provide to OEG upon registration.

4.1.2      Verification data. OEG processes the following Personal Data in order to complete your registration and verify your admissibility to use the Service: name, surname, date of birth, personal identification number, type, number, validity and copy of personal identificaition document (if you choose verification via document photo), home address and nationality, etc. („Verification Data“)

Source: Personal Data you directly provide to OEG upon registration and Personal Data made available to us by the verification service providers.

4.1.3      Anti-money laundering data. OEG processes the following Personal Data in order to designate whether you are, or you are related to a politically exposed person: name, surname, personal identification number or date and place of birth, home address, information on political exposure, sum of registered amounts, occupation, copy of the personal identification document, etc. („AML Data“)

Source: Personal Data you directly provide to OEG as necessary.

4.1.4      Gambling data. OEG processes the following data in order to provide you with the Service: self-exclusion data, gaming-exclusion data, user ID, bet ID, currency, bet amount, current balance, game ID, seller ID, bet type, bet status, expected max win amount, bet result date, win amount, payout amount, login data, IP-address, currency, date and time date and time of entering and exiting the Service, etc. („Gambling Data“)

Source: Personal Data you provide us whilst using the Service and the Personal Data gathered from the databases available to OEG in relation to providing the Service (e.g.  list of persons with restrictions on gambling (HAMPI in Estonia)).

4.1.5      Transfer data. OEG processes the following data to commence the money transfers related to the Service: name, surname, banking number, transaction amount, etc. („Transfer Data“)

Source: Personal Data you provide us upon requesting monetary transfer and Personal Data received from the payment service providers.

4.1.6      Communications data. OEG processes the following Personal Data if you interact with OEG via Websites’ chatbot, e-mails or complaint reports: contents of your message, e-mail address or social media contacts, etc.  („Communication Data“)

Source: Personal Data you directly provide to OEG.

4.1.7      Technical data. OEG processes the following data when you visit the Websites: IP address (including location based on the IP address), access-provider, referring URL, date, time, access tokens, session key, browser type and version, operating system, amount and state of transferred data, MAC-address. (“Technical Data”)

Source: While you are browsing through the Website, the Website itself generates or collects the Technical Data from your device automatically.

4.1.8      Marketing data. OEG processes the following personal data for marketing purposes: e-mail address, phone number, your preferences. („Marketing Data“)

Source: Personal Data you directly or indirectly (e.g. via cookies) provide to OEG whilst using the Service.

4.1.9      Cookie data. OEG implements cookies on the Websites, for optimising the Websites and their functionalities. The cookies may collect your Personal Data. For further information, please see OEG’s cookie notice. („Cookie Data“)

4.2          If you fail to provide necessary information, OEG is not able to register your user account, provide you with the Service or fulfil any other purposes provided in Section 5 of this Notice.

5              Legal basis and purposes for processing the personal data

5.1          OEG’s legal basis to process your Personal Data depends on the objective and context in which we collect the Personal Data. For easier understanding, we have grouped all objectives and data categories for processing the Personal Data with the following legal grounds: performance of a legal obligationperformance of a contract, OEG’s legitimate interest and your consent.

5.2          If the legal basis for processing the Personal Data is:

5.2.1      performance of a legal obligation, then this means first and foremost that OEG is required to process certain Personal Data by law. In this case we cannot decide which personal data are collected and processed, as it derives from applicable laws;

5.2.2      performance of a contract, then this means processing Personal Data for the performance of a contract to which you are a party, i.e. the main rules and rules of games of chance and the game rules, which you have accepted upon registration to the Service;  

5.2.3      OEG’s legitimate interest, this means first and foremost the objective of improving the Websites and OEG’s business activities. However, specifics of the legitimate interests, as used in each separate case, are referred in the table below;

5.2.4      consent, this means first and foremost that Personal Data shall only be processed, if your consent is granted, for example, objective of ensuring an effective user experience by adjusting the Service is only possible upon your consent, without your consent it would not be possible to tailor the Service to meet your preferences.

5.3          The following depicts a non-exhaustive list of processing purposes that are linked to the specific data categories and legal basis for processing:

Processing purpose

Legal basis for the processing purpose

Categories of personal data used by us for the processing purpose

Sending marketing info to you via e-mail, SMS or phone; tailor the content of the marketing info based on your preferences

Your consent provided by ticking your preferences on the “Communication settings” page; your consent provided for the application of certain cookies

Marketing Data; Cookie Data

Registering your user account on the Website

Performance of the contract between you and OEG

Registration Data

Identification and registration of politically exposed persons

Performance of a legal obligation under Section 20 (1) 5) of the Estonian Money Laundering and Terrorist Financing Prevention Act

AML Data

Record keeping about the bets made by you, funds transferred to us for making the bets, refunds made, and monetary transfers made to you

Performance of a legal obligation under Section 53 (1) 4) of the Estonian Gambling Act

Verification Data, Gambling Data

 

Self-exclusion check from the Tax and Customs Board registry

Performance of a legal obligation under Section 39 (8) of the Estonian Gambling Act

Customer ban check from OEG’s ban registry

Performance of a legal obligation under Section 33 (1) and enforcing of the contract between you and OEG

Registering your entrance and exiting from the Service (log in to the Service’s environment)

Performance of a legal obligation under Section 53 (1) 3) of the Estonian Gambling Act

Registering and displaying you the information about for how long you have been playing and the amounts of bets made and prizes won

Performance of a legal obligation under Section 55 (4) of the Estonian Gambling Act

Improvement, personalisation (preferences) and development of the Websites and the Service

OEG’s legitimate interest in developing and enhancing the Websites, the Services and the user experience in the course of its regular business activities

Technical Data, Cookie Data, Communication Data

Enabling customer support and communication between you and OEG; customer feedback registration and handling

OEG’s legitimate interest in providing effective user relations management

Communication Data

Transfer of funds from a payment service provider or from a bank to your online Service account

Performance of the contract between you and OEG

Gambling Data, Transfer Data

Transfer of the winning amount payment to your banking account

Verifying that your banking account data matches your Service’s account data

Performance of a legal obligation under Sections 53 (1) 5) and 6) of the Estonian Gambling Act

Verification Data, Transfer Data, Registration Data

Tracking and registration of customer transaction starting from 2000 € pursuant to the anti-money laundering requirements

Performance of a legal obligation under Section 19 (3) of the Estonian Money Laundering and Terrorist Financing Prevention Act

Verification Data

 

Reporting to the Estonian Financial Intelligence Unit about your monetary operations starting from 32 000 €

Performance of a legal obligation under Section 49 (3) of the Estonian Money Laundering and Terrorist Financing Prevention Act

Verifying your identity and age

Performance of a legal obligation under Section 53 (1) 1) and 2) of the Estonian Gambling Act

Diagnose and repair problems with the Websites and the Service

OEG’s legitimate interest in providing data security and preventing fraudulent actions related to the Websites and the Service, also, ensure the functioning of the Websites and the Service

Technical Data, Gaming Data, AML Data, Verification Data

Analysing statistical data regarding the usage of the Websites and Service

OEG’s legitimate interest in analysing the functioning of the Websites and Service for its business development

Technical Data, Cookie Data, Gaming Data

Data transfers to separate data controllers for receiving verification, payment and fraud prevention services

OEG’s legitimate interest in detecting and deterring suspicious and fraudulent actions related to the Websites and the Service

Technical Data, Cookie Data, Gaming Data, Verification Data, Transfer Data

Providing the online gaming environment as a Service for casino, poker or sports betting

Performance of the contract between you and OEG

Registration Data, Verification Data, AML Data, Gambling Data, Transfer Data, Communication Data, Technical Data, Marketing Data, Cookie Data

Ensuring the safety of the Websites and the Service by detecting and preventing (including by automated means) the use of interfering software, devices and techniques

OEG’s legitimate interest in ensuring the safety of data processing, the Websites and the Service

Data transfers within the OEG group

OEG’s legitimate interest in utilising shared administrative infrastructure and optimising costs (including data storage)

Storing materials containing Personal Data in OEG’s backup systems

OEG’s legitimate interest in ensuring the security of data processing operations

 

5.4          We may process your Personal Data for other purposes, provided that OEG discloses the purposes and use to you at the relevant time, and that you either consent to the proposed use of the Personal Data, other legal grounds exist for the new processing purposes or the new purpose is compatible with the original purpose brought out above.

6              Automated decision making and profiling

6.1          In the course of you browsing the Websites and using the Service, OEG may sometimes apply automated processing to your Personal Data and make automated decisions based on your Personal Data. These automated decisions can affect the content and access to the Service or its features.

6.2          In the following situations we may apply automated decision making as authorised by applicable laws or is necessary for the performance of the contract between you and OEG:

6.2.1      Verifying your identity and allowance of providing access to the Service upon registration of the user account on the Websites: upon registering to the Service on the Websites, we verify via automated decision whether you meet the criteria for registering the user account and accessing the Service. The decision-making process entails analysing your Personal Data, such as date of birth (age), personal identification number, nationality, self-exclusion data and gaming-exclusion data against the statutory allowance requirements. These data are usually directly made available by you or gathered from the databases available to OEG in relation to providing the Service (e.g.  list of persons with restrictions on gambling). As a result of the automated decision your registration and access to the Service is completed or declined; 

6.2.2      User payment verification: according to applicable laws, OEG is obliged to check whether your payment account details match the user account details you have provided for the use of the Service. Personal Data subject to such automated decision are the banking account details (name, banking account number). These data are collected directly from you and received from the payment service provider. As a result of the automated decision any money transfer to your user account or to you is completed or declined;

6.2.3      Risk assessment and compliance with the sports rules and other Service’s rules: pursuant to the sports rules, OEG does not allow cooperation between customers and thus applies active measures to avoid the use of scripts, bots and other devices and techniques interfering the fair play. To combat any interferences of fair play and non-compliances of the binding Service’s rules, we analyse your activities on the Websites and in the Service. For such analysis we mainly rely on the Technical Data and Gambling Data as defined in Sections 4.1.4. and 4.1.7. above.  We compare such data against data previously collected by us or received from third party service providers about you or your device. As a result of the automated decision, OEG and/or the engaged gaming service provider (who processes such data in aggregated manner based merely on User ID) may restrict the access to the Service’s functions (e.g. cancel repeated bets from the same IP address or shared address, limit maximum bet amounts, etc.) if the activity is non-compliant;

6.2.4      Fraud detection: pursuant to the applicable laws, OEG is obligated to detect and deter activities relating to money laundering and fraud. For this purpose, OEG or a fraud prevention service provider compares your device’s online identifiers (e.g. Technical Data and Cookie Data as defined in Sections 4.1.7. and 4.1.9. above) and Gambling Data (see 4.1.4 above) against similar type of data previously collected about you or your device used to access the Websites. If it is detected that your account or device has fraudulent pattern or is connected to money laundering, as a result of the automated decision, OEG may restrict your access to the Service (e.g. block or freeze your user account).

6.3          The automated decisions described in Section 6.2 above usually take place without human intervention. You have the right to obtain human intervention in regard to the decision making defined in Sections 6.2.3 and 6.2.4; express your point of view in regard to such decision and contest the decision.

7              PErsonal data retention period

7.1          Your Personal Data (all data categories mentioned in Section 4.1.9, except for Cookie Data) shall be stored insofar as reasonably necessary to attain the objectives stated in Section 5 of this Notice, or until the legal obligation stipulates that we do so. The following is a non-exhaustive summary with examples on storing your Personal Data:

7.1.1      Registration Data, Verification Data, AML Data and Gambling Data will be retained up to 7 years as of the last log-in to your user account;

7.1.2      Transfer Data will be retained for 7 years as of the end of the financial year the transaction was recorded in the accounting documents. Please note that the data about transactions starting from 2000 € will be retained for 7 years as of the last log-in to your user account;

7.1.3      Marketing Data will be retained for 7 year as of the collection of such data;

7.1.4      Communication Data will be retained for 7 years as of the collection of such data;

7.1.5      Technical Data will be retained for 30 days as of the collection of such data.

7.2          After the retention period mentioned in Section 7.1 of this Notice, we might either retain your Personal Data for longer period if it is necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes and enforce the contract between you and OEG or anonymize your Personal Data and retain this anonymized information indefinitely.

7.3          After the expiry of the retention period referred to in Section 7.1. of this Notice or the termination of the legal basis for processing purpose, OEG shall retain the materials containing the Personal Data in the backup systems, from which the corresponding materials will be deleted after the end of the backup cycle. OEG ensures that during the backup period, appropriate safeguards are applied to the materials in the backup. The backed-up materials are put beyond the use, i.e. are not processed for any other purpose, and the materials are deleted by OEG as soon as possible, i.e. after the end of the OEG’s backup cycle, the Personal Data will be destroyed. 

8              Your rights as a data subject

8.1          We have a legal obligation to ensure that your Personal Data is kept accurate and up to date. We kindly ask you to assist us to comply with this obligation by ensuring that you inform us of any changes that have to be made to any of your Personal Data that we are processing.

8.2          You may, at any time, exercise the following rights with respect to our processing of your Personal Data by contacting us via contact information referred to in this Notice:

8.2.1      Right to access: you have the right to request access to any data that can be considered your Personal Data. This includes the right to be informed on whether we process your Personal data, what Personal Data categories are being processed by us, and the purpose of our data processing;

8.2.2      Right to rectification: you have the right to request that we correct any of your Personal Data if you believe that it is inaccurate or incomplete;

8.2.3      Right to object: you are entitled to object to certain processing of Personal Data, including for example, making automated decisions based on your Personal Data or when we otherwise base the processing of your Personal Data on our legitimate interest;

8.2.4      Right to restrict Personal Data processing: you have the right to request that we restrict the processing of your Personal Data if you wish to: (i) object the lawfulness of the processing; (ii) fix unlawful processing of Personal Data; (iii) receive or avoid deletion of Personal Data for establishing or defending against legal claims; or (iv) demand restriction of the processing until assessing the plausibility of OEG’s legitimate interest in the specific processing activity;

8.2.5      Right to erasure: you may also request your Personal Data to be erased if the Personal Data is no longer necessary for the purposes for which it was collected, or if you consider that the processing is unlawful, or if you consider that the Personal Data has to be erased to enable us to comply with a legal requirement;

8.2.6      Right to data portability: if your Personal Data is being automatically processed with your consent or on the basis of a mutual contractual relationship, you may request that we provide you that Personal Data in a structured, commonly used and machine-readable format. Moreover, you may request that the Personal Data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible;

8.2.7      Right to withdraw your consent: in cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time without any adverse effect;

8.2.8      Right to submit your claim with the supervisory authority: if you are not satisfied with our response to your request in relation to Personal Data or you believe we are processing your Personal Data not in accordance with the law, you can submit your claim with the Estonian Data Protection Inspectorate (in Estonian Andmekaitse Inspektsioon) at [email protected] (https://www.aki.ee/).

8.3          Please note that you will need to provide sufficient information for us to handle your request regarding your rights brought out in Section 8.2 of the Notice. Prior to answering your request, we may ask you to provide additional information for the purposes of authenticating you and evaluating your request.

9              Sharing your personal data and data transfers

9.1          OEG discloses your Personal Data to third parties only in accordance with this Notice and to persons authorised to process Personal Data, who have undertaken to observe confidentiality or are subject to appropriate statutory confidentiality. In specific cases, OEG will only share your Personal Data with a third party if you have given consent to such disclosure.

9.2          Only if necessary for fulfilling its statutory or contractual obligations, OEG may disclose your Personal Data to the following recipients (including data processors) in its data processing activities (as necessary):

Type of the recipient

Purpose of disclosure

Location of the recipient

Online game service providers

Providing you with the online gaming environment (note that the Personal Data is mainly disclosed in aggregated format, which does not identify you specifically)

Mainly European Union, but also Isle of Man, Guernsey, and Canada

Verification and authentication service providers

Providing verification and authentication services to provide you access to the Service; and deter and detect fraud

European Union and USA

Payment service providers (including payment institutions, e.g. banks) and other money transfer service providers

Transfer of funds from a payment service provider or from a bank to your online Service account and transfer of the winning amount payment to your banking account

Mainly European Union, but also Guernsey

Fraud prevention service providers

Ensuring compliance with OEG’s legal obligations to ensure the safety of the Service and Personal Data by engaging fraud prevention service providers to detect and deter suspicious and fraudulent actions on Websites and the Service

USA

Law enforcement and data protection authorities

OEG discloses your Personal Data to law enforcement and data protection authorities only if we are under a duty to disclose or share these data in order to comply with any legal obligation (for example, if required to do so under applicable law, by a court order or for the purposes of prevention of fraud or other crime)

European Union

Operational service providers (legal advisors, accounting etc. bound to confidentiality)

Legitimate interests in ensuring the functioning of the Websites and the Service; conducting of regular business activities

European Union

IT-services providers

Providing IT solutions necessary for operating the Websites and the Service

Mainly European Union and USA

Third party service providers

Providing you with the possibility to connect your user account with your social media accounts.

Mainly European Union and USA

OEG group entities

For the purposes utilising the shared administrative infrastructure

European Union

 

9.3          In some cases, we may transfer your Personal Data outside the European Union or European Economic Area, if the respective operational services are provided outside the European Union or European Economic Area. We shall opt to use special Personal Data protection safeguards, in order to ensure the safety of your Personal Data. You have the right to get acquainted with or obtain information on the comprehensive list of data processors, transferring of your Personal Data outside the European Union or European Economic Area and the safeguards implied thereof by contacting us using the contact information specified in this Notice.

10           Amendments to this notice

10.1        This Notice may be amended or modified from time to time to reflect changes in the way we process Personal Data and, in such case, the most recent version of the Notice will appear on this page. Please check back periodically, and especially before you provide any new personally identifiable information.

Last updated on 17.07.2019.