What is data processing?
As an example, take the account registration process on our Website: you are required to provide your date of birth, which we collect and use to verify if your age is above the minimum age required in order to be allowed to use our services. This means that we process your date of birth, which represents personal data.
While we do so, we make sure to observe all legal requirements concerning data protection, including but not limited to the Data Protection Act 2018.
What personal data do we process?
To provide our services on the Website/App, we must process your personal data. The types of personal data we collect depend on your activities and how you use our services, and are as follows:
Data you provide while creating an account, which includes, but is not limited to:
- Name and surname;
- E-mail address;
- Home address;
- Phone number;
- Date of birth;
- Proof of identity, age, address or payment method ownership.
Website/App activity data, which includes, but is not limited to:
- Device information;
- Source and destination data;
- Username, player ID, account username and password, gaming transactions;
- Online payments data;
- Data disclosed to our Customer Service so we can provide and improve our support (including through e-mails and phone calls).
Data provided by Government authorities or authorized third-party companies, which we need in order to fulfil our regulatory obligations, respect the agreed Terms and Conditions, and exercise our legal rights.
Data provided by third parties who receive your data when you visit or use their services, and they already have your permission to share your data with us because we demand our partners have lawful rights to collect, use and share your data before providing it to us. We include here, for example, social media and, where applicable, different mobile applications.
Data collected from publicly available sources, in which case we process the respective data within the scope of observing our legal and regulatory obligations. Such a situation includes, for example, the data we collect relating to responsible gaming.
Please note that you are not legally required to make your personal data available to us. Nevertheless, in order to be able to register an account on our Website/App, you have to provide all the information marked as mandatory. Without this information, we are not able to enter into a contractual relationship with you, which means you are not able to benefit from our services.
Why do we process your personal data?
Our main purpose for processing your personal data is to provide our services to you. More precisely, to fulfil this purpose, we have to process personal data in order to:
Make our Website functional and useful to you, including for setting up and using your account.
Make sure your personal data is accurate, first of all for your own protection, but also for age verification, preventing fraud, cheating or money laundering, reducing business risks and protecting the integrity of our games. For this, a certain degree of semi-automatic profiling might be used, based on your registration and gambling activity data.
Fulfil the Website/App Terms and Conditions, including with respect to the delivery of live games.
Process online payments with third-party payment providers and/or financial institutions.
Provide the best customer support to you. To do this, your phone conversations with our Customer Service will be recorded for security reasons, due to regulatory obligations, and to improve our services.
Comply with all applicable laws and regulatory obligations, such as, but not limited to, gambling, financial, anti-money laundering, responsible gaming and consumer protection regulations. For this, a certain degree of semi-automatic profiling might be used, based on your registration and gambling activity data.
Protect your safety and public safety, privacy and security, as well as, if necessary, protect, enforce, or defend our legal rights, privacy, safety or property, or for business risk management purposes.
Improve the security, services and features of our Website. This might entail providing partially customised services, features and recommendations, conducting research and surveys, asking for your optional feedback, and providing internal trainings and Affiliates services.
Conduct and complete any potential organisational business changes, such as mergers, transfers or sale of assets. In a case of selling all or part of the business or assets, or if we are involved in a merger or transfer, we might disclose and transfer your personal data to the other parties involved in the business transactions. Should such case arise, you will be duly and timely informed.
Optionally, and only with your specific consent: to provide customised marketing communications fitting your interests and expectations, or direct marketing communications that have a generic nature or are partially based on your gambling journey, and/or can be customized via: e-mail, instant messages, and (where applicable) chats, SMS and telephone or social media
We try to keep all data processing as simple and limited as possible, and take it upon us not to use your personal datafor anything other than the purposes specified above. In case the data would need to be processed for other purposes and/or by other parties, you will be informed.
On what legal grounds do we process your personal data?
Our legal basis for processing your personal data is highly dependent on the purpose of the processing activity, and may vary depending on the service you are using.
In general, we process your personal data on the following legal grounds:
Fulfilling our contractual obligations to you. We process your personal data to fulfil our obligations described in our Terms and Conditions, as processing your data is necessary for the performance of our Website. Otherwise, we wouldn’t be able to provide our services, and you wouldn’t be able to enjoy the entertainment experience on our Website.
Observing our legal obligations. We process your personal data as needed to comply with all applicable national and international laws and regulations, relating to gambling, responsible gaming, finance, anti-money laundering and fraud, and consumer protection, among others.
Your consent. We process your personal data only if we have your consent for the specific processing activities where consent is needed. Without your consent, we will be stopped from further processing your personal data based on this particular legal ground, but this will not affect the lawfulness of processing based on your consent before consent was withdrawn. Without your consent, we will not provide generic and/or customized marketing communications.
How do we process your personal data?
We process your personal data with partially or fully automated electronic means, and protect it with adequate security measures, established and maintained according to the highest international standards for data security. The activities that may cause significant legal effects, such as decisions based on profiling, always involve a human intervention and/or final decision.
Do we share your personal data?
We only share your personal data with third parties when this is required to perform the services we are obliged to provide you with, when you have given us your consent for the sharing of your personal data, or when we are obliged to on legal grounds, by court order, or at the request of another official authority.
In other words, the data can be shared in compliance with these limits:
With our employees who are responsible for the processing and safekeeping of the data, and whose employment relationship with us is bound by a confidentiality obligation.
With our parent company, our sister companies and other third-party providers, who help us provide our services according to our Terms and Conditions, such as, but not limited to, payment services providers, marketing services providers, responsible gaming service providers, or credit reference agencies. For example, we provide data to our service provider TransUnion for identification purposes – please click here to read more, or to The Independent Betting Adjudication Service (IBAS) in case of alternative dispute resolution procedures.
With government authorities in order to comply with our legal and reporting obligations, which may involve reporting of fraudulent or criminal suspicion and responsible gambling cases to relevant authorities or other authorised third parties.
Third parties’ access to your personal data is limited to the information necessary to perform their function on our behalf or as required by law. The sharing of data is subject to confidentiality and sufficient safeguards regarding the lawful and secure processing of your personal data by our partners.
Is your personal data transferred abroad?
Data is transferred with no restrictions within the European Economic Area (the “EEA”). We shall not transfer your personal data to countries outside the EEA unless appropriate safeguards for the protection of your data are in place, following the high standards for data protection established by the European Union General Data Protection Regulation (the “EU GDPR”).
Having in mind some of the highest standards for data protection worldwide, the European Union, through the European Commission, recognizes certain non-EEA states as providing an adequate level of data protection. We, too, deem these countries safe for data to be transferred to, in justified cases.
For transfers of data to countries whose safeguards for data protection are not considered adequate by the European Commission, we take it upon ourselves to put in place appropriate safeguards to protect the data in compliance with data protection regulations, by concluding our contractual relationships with our partners in such a way that they guarantee an acceptable level of protection for the data we transfer to them.
Under these conditions, the personal data you provide to us may be processed outside of the EEA and the United Kingdom to deliver some of the Website/Apps services, as follows:
Some data may be processed in the USA, depending on the payment provider chosen by you, and the activities undertaken by the payment provider.
How long do we keep your personal data?
We seek not to keep your personal data for longer than it is necessary for legal or regulatory reasons, or for legitimate organizational purposes. The period for which we keep and/or use your data depends on aspects like the nature of the data, the reasons why it is collected and processed, and relevant legal or operational retention needs.
The following periods and criteria will apply, unless a different period is required or permitted by law, or we have reasonable belief that a different period is necessary:
What are your rights regarding the personal data you provide to us?
You have legal rights available to you with regard to data access, rectification, erasure, restriction of processing and objection to processing, as well as the right to data portability, amongst others. In addition, you can withdraw any consent you may have given to data processing at any time, and have the right to lodge a complaint with a supervisory authority.
Your rights regarding the personal data you provide to us are detailed below, and can be exercised through our Customer Service, at email@example.com.
Right of access
You can request to receive clear and transparent access to information regarding the way we process your personal data. Some of this information is already provided in your account.
Right to rectification
We try to keep your personal data accurate and up to date. You have the right to demand that we correct any of your personal data that is incorrect, and/or complete any personal data that is incomplete.
Right to erasure
We will, on your request, delete the personal data belonging to you, which we process. However, please keep in mind that this may result in the termination of the services we provide to you, meaning that it is possible that you will not able to enjoy the entertainment experience on our Website/Apps anymore.
Right to restriction of processing
In certain cases and for grounded reasons, you can demand that restrictions be placed on the processing of your personal data, which would permanently or temporarily limit our possibility to use your personal data, without having to delete it. However, please keep in mind that in such cases, we might not be able to continue providing our services in their entirety.
Right to data portability
Upon your request, we will provide an electronic copy of your personal data which is being processed by us. Such a copy can also be sent to a different service provider.
Right to withdraw consent
You can withdraw the consent you have given us for the processing of your personal data at any time. This right can be exercised through specific means, such as opt-out mechanisms or un-subscriptions.
All of the above rights can be exercised under normal circumstances free of charge, by sending us a written request. We will do our best to respond to your requests as quickly as possible, but under certain circumstances other legal obligations or third-party rights may slow down the process. Depending on a nature of the request, you will receive an answer from us within a one-month term, which can be extended by two further months due to complexity or the number of requests we are dealing with at a certain time. Please note that for justified reasons, we are entitled to deny your request, or to charge a reasonable fee if it is manifestly unfounded or excessive.
Right to lodge a complaint
You have the right to submit an official complaint to the supervisory authority dealing with data protection issues in your country, the Information Commissioner’s Office (the “ICO”).
Is your personal data secure with us?
We take security very seriously and are committed to observing the highest standards for the security of your personal data. We seek to implement and maintain our policies and processes in accordance with the most trusted international requirements for data security, and make sure that these are followed by all of our employees and collaborators, so as to prevent unauthorized or unlawful processing, accidental loss, destruction and damage. By doing this, we don’t eliminate all risks, but we do limit them significantly, decreasing the likelihood of data breaches. However, in the unlikely event of a data breach, not only do we seek to timely assess the incident and mitigate the impact, but also make sure to let you know if the data breach affects your personal data significantly.
We, Capital Office Ltd, registered in Rainbow riches casino under number 1788, assume the role of data controller responsible for the processing of your personal data through the Website https://www.rainbowriches.casino/ and In other words, we are the legal entity who determines why and how your personal data is processed in order for you be able to enjoy the full entertainment experience on our platform.
You can contact us online, via e-mail at firstname.lastname@example.org, or by mail at Kemp House, 152 – 160 City Road, London, EC1V 2NX, England & Wales. If you want to get in direct contact with our Data Protection Officer.