Privacy Policy
Information about the processing of personal data of online customers
Approved: 24.05.2018
- For personal data processing the controller is OB Holding 1 OÜ (hereinafter - “Company”) with address Pronksi 19, 10124 Tallinn, Estonia, +372 667 1250, [email protected].
- Company data protection officer is Aare Reinsalu (Pronksi 19, 10124 Tallinn Estonia, +372 667 1072, [email protected]).
- Customer has a right to obtain confirmation from the Company as to whether or not his/her personal data are being processed and to obtain access to his/her personal data.
- If personal data are not collected from the data subject, then he/she has the right to know the source of the personal data.
- Customer has a right to obtain the rectification of inaccurate personal data.
- Customer has the right to withdraw his/her consent to personal data processing at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Customer has a right to stop his/her personal data processing for direct marketing purposes.
- Customer has a right to obtain the erasure of his/her personal data.
- Customer has a right to obtain the restriction and objection of the processing of his/her personal data.
- Customer has a right to receive the personal data, which he/she has provided to a controller, in a structured, commonly used and machine-readable format.
- For providing a service the Company can share customer data with other Olympic Entertainment Group companies.
- Customer has a right to lodge a complaint to the Estonian Data Protection Inspectorate by sending an application to [email protected] or visiting Väike-Ameerika 19, 10129 Tallinn, Estonia.
- Data subject’s processing details
|
13.1 |
Registering account in online casino |
|
Basis |
Legal obligation: Gambling Act §53 (1) 2) |
|
Specification |
The possible consequence in case of failure to provide such data is that the Company will refuse to register the account |
|
Categories of recipients |
Customer support employees, Casino Operations manager, Risk manager, Marketing department employees, IT department employees |
|
Retention |
7 years from customer last login |
|
13.2 |
Verifying customer account in online casino |
|
Basis |
Legal obligation: Gambling Act §53 (1) 2) |
|
Specification |
The possible consequence in case of failure to provide such data is that the Company will refuse to register the account |
|
Categories of recipients |
Customer support employees, Casino Operations manager, Risk manager, Marketing department employees, IT department employees |
|
Retention |
7 years from customer last login |
|
13.3 |
Customer login to online casino |
|
Basis |
Legal obligation: Gambling Act §53 (1) 3) |
|
Specification |
The possible consequence in case of failure to provide such data is that the customer does not have the opportunity to enter the online casino |
|
Categories of recipients |
Customer support employees, Casino Operations manager, Risk manager, Marketing department employees, IT department employees |
|
Retention |
7 years from customer last login |
|
13.4 |
Customer personal data check from Tax Office self-exclusion registry |
|
Basis |
Legal obligation: Gambling Act §39 (8) |
|
Specification |
The possible consequence in case of failure to provide such data is that the customer is not allowed to participate in gambling |
|
Categories of recipients |
Customer support employees |
|
Retention |
Query data is not stored |
|
13.5 |
Customer personal data check from company ban registry |
|
Basis |
Legal obligation: Gambling Act §33 (1) and §35 (4) |
|
Specification |
The possible consequence in case of failure to provide such data is that the customer is not allowed to participate in gambling |
|
Categories of recipients |
Customer support employees, Casino Operations manager, Risk manager, Marketing department employees, IT department employees |
|
Retention |
7 years from customer last login |
|
13.6 |
Identification and registration politically exposed persons |
|
Basis |
Legal obligation: Money Laundering and Terrorist Financing Prevention Act §20 (1) 5) |
|
Specification |
|
|
Categories of recipients |
Customer support employees, Casino Operations manager, Risk manager, Marketing department employees, IT department employees |
|
Retention |
7 years from customer last login |
|
13.7 |
Customer feedback registration and handling |
|
Basis |
Legal obligation: Gambling Act §35 (1) 5) |
|
Specification |
The possible consequence in case of failure to provide such data is that feedback is not recorded or resolved |
|
Categories of recipients |
Customer support employees, Casino Operations manager, Risk manager, Marketing department employees, IT department employees |
|
Retention |
7 years from customer last login |
|
13.8 |
Money transfer to online customer bank account |
|
Basis |
Legal obligation: Gambling Act §53 (1) 6) |
|
Specification |
The possible consequence in case of failure to provide such data is that the Company refuses to execute the transaction |
|
Categories of recipients |
Customer support employees, Accounting department employees, IT department employees |
|
Retention |
7 years |
|
13.9 |
Transfer of funds from a payment service provider or from a bank to an online customer account |
|
Basis |
To fulfil the contract |
|
Specification |
The possible consequence in case of failure to provide such data is that the transaction cannot be executed |
|
Categories of recipients |
Customer support employees, Accounting department employees, IT department employees |
|
Retention |
7 years |
|
13.10 |
Playing on online casino, poker or sports betting |
|
Basis |
Legal obligation: Gambling Act §53 (1) 4) |
|
Specification |
The possible consequence in case of failure to provide such data is that the customer is not allowed to participate in gambling |
|
Categories of recipients |
Customer support employees, Casino Operations manager, Risk manager, Marketing department employees, IT department employees |
|
Retention |
7 years from customer last login |
|
13.11 |
Starting €2000 operation registration to fulfil AML requirements |
|
Basis |
Legal obligation: Money Laundering and Terrorist Financing Prevention Act §23 (2) 3) |
|
Specification |
The possible consequences in case of failure to provide such data is that the customer is not allowed to participate in gaming and that the Company will refuse to pay out winnings |
|
Categories of recipients |
Risk manager, IT department employees |
|
Retention |
7 years from customer last login |
|
13.12 |
Collection personal data of potential customers in public events |
|
Basis |
Data subject consent |
|
Specification |
|
|
Categories of recipients |
Employees participating in the event, Marketing department employees, System administrator |
|
Retention |
Until customer consent withdrawn |
|
13.13 |
Sending marketing info to customer through email |
|
Basis |
Data subject consent |
|
Specification |
|
|
Categories of recipients |
Marketing department employees |
|
Retention |
1 year |
|
13.14 |
Share gaming data of affiliate customers with affiliated partners |
|
Basis |
To fulfil the contract with affiliated partner |
|
Specification |
|
|
Categories of recipients |
Online helpdesk employees, Affiliate manager, System administrator |
|
Retention |
7 years |
