Privacy & Management of Personal Data
1. INTRODUCTION
By using and/or visiting any section of the Winna B.V. website at www.winnables.com (the “Website”) or by connecting your e-wallet you agree to be bound by the privacy policy.
This privacy policy describes how we collect, use, process, and disclose your information, including personal information, in conjunction with your access to and use of this Website (“Privacy Policy”).
The Kurason Trust Curacao N,V (“Data Controller”) is the company that determines the purposes and means of the processing of personal data under this Privacy Policy The Data Controller acts in its capacity of data controller determining the purposes and means of the processing of your personal data.
When we process the winning sum, you will be also providing your information, including personal information, to Data Controller. Data Controller will process your information to analyse and report any activity which raises suspicion of fraud, money laundering, funding of terrorism, or any other illegal activity in compliance with applicable law, as better specified below.
Please see Section 7 for contact details of the Data Controllers.
2. INFORMATION WE COLLECT
There are two general categories of information we collect.
2.1. INFORMATION YOU GIVE US
When using any of the Website’s products you will be asked to provide us with true, updated and accurate personal information that will allow us to identify you. We ask for and collect the following personal information about you when you use the Website. This information is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with all the requested services.
We collect your name and surname, date of birth, place of residence, and email address that you provide upon registration. This data is processed for the purpose of player identification.
We also collect your ID document, proof of your address, proof of payment and phone number you provide us with. This data is processed for the purpose of player verification and KYC. The legal basis for this processing is our legal obligation to comply with anti-money laundering regulations and age verification requirements.
When you communicate with us, we collect your name, your email, and any information about your communication. This data is processed for the purpose of providing you a support service and in order to maintain accurate records of the information that we have received from you, given our legitimate interest in improving the Website and our users’ experience with it, and for the adequate performance of the contract with you.
We may combine the information provided by you with other information about you which is available from publicly available sources which may be relevant to your use of the Website, for the purposes of verifying your identity to prevent and detect crime and money laundering.
2.2. INFO WE AUTOMATICALLY COLLECT FROM YOUR USE OF THE WEBSITE
When you use the Website, we automatically collect information, including personal information, about the services you use and how you use them. This information is necessary for the adequate performance of the contract between you and us, to enable us to comply with legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the Website and in preventing fraud.
When you access or use the Website, we collect information such as your IP address, location, information about the device(s) and the browser you use, details of the web pages you have viewed; when you use the payment services, we collect information related to your e-wallet through the Website, including the payment date and time, payment amount, payment instrument expiration date, email address, your address and other related transaction details. This information is necessary to comply with different countries’ applicable laws and regulations (such as anti-money laundering regulations) and for anti-fraud monitoring purposes.
We use cookies and other tools (such as web analytic tools and pixel tags) for the purposes described above and also to analyse traffic to the site and customise content and advertising. For more information, please read our Cookie Policy. We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our Website.
3. HOW WE USE INFORMATION WE COLLECT
We use, store, and process information, including personal information, about you to provide, improve, and develop the Website, create and maintain a trusted and safer environment and comply with our legal obligations.
In particular, to:
- Enable you to access and use the Website (or other Websites operated by us), operating and managing your account.
- Operate, protect, improve, and optimise the Website and user experience.
- Provide you with personalised use of our services so that we can offer you and other players a better service.
- Profile you so that we can better understand your preferences and which products and offers would be most suitable for you and customers like you.
- Provide customer service.
- Send you service or support messages, updates, security alerts, and account notifications.
We process this information given our legitimate interest in improving the Website and our users’ experience with it, and where it is necessary for the adequate performance of the contract with you.
- Detect and prevent fraud, spam, abuse, security incidents, and other harmful or illegal activity.
- Monitor your gambling patterns and to identify possible responsible gambling concerns.
- Conduct security investigations and risk assessments.
- Conduct checks against databases and other information sources, including background or police checks, to the extent permitted by applicable laws and with your consent where required.
- Verify or authenticate information or identifications provided by you.
- Conduct KYC verification, to the extent permitted by applicable laws and with your consent where required.
- Comply with our legal obligations.
- Enforce our terms of service and other policies.
We process this information given our legitimate interest in protecting the Website, to measure the adequate performance of our contract with you, and to comply with applicable laws. The Data Controller uses the information collected to:
- Enable you to access and use the winnings.
- Investigate suspected unlawful, fraudulent, or other improper activity connected with use of the Website and to report a crime or suspected crime, including money laundering or fraud.
- Conduct security investigations and risk assessments.
- Conduct checks against databases and other information sources.
- Comply with legal obligations.
- Comply with requests for information from the relevant Competent Authorities.
- Enforce our Terms of Services and other policies.
We may use your data also to:
- Contact you in relation to promotions, products, or services that you may be interested in from time to time, but only where you have consented to receive such marketing communications.
- Carry out certain profiling of you and your activity on the Website to personalise, measure, and improve our marketing and to send you more relevant marketing communications.
In such cases we will process your personal information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you products or services that may be of your interest. You can always opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications or changing your notification settings within your account.
Our website incorporates privacy controls which affect how we will process your personal data. You can access the privacy controls via your account settings.
4. SHARING AND DISCLOSURE
4.1. COMPLIANCE WITH LAW, RESPONDING TO LEGAL REQUESTS, PREVENTING HARM AND PROTECTION OF OUR RIGHTS.
We may disclose your information, including personal information, to courts, law enforcement or governmental authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary: (i) to comply with our legal obligations, (ii) to comply with legal process and to respond to claims asserted against us, (iii) to respond to requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability, (iv) to enforce and administer our Terms of Service, or (v) to protect our and our employees’ rights, property or personal safety.
We may access and share your information with regulators, law enforcement or others in response to a legal request, if we have a good-faith belief that the law requires us to do so. We can also respond to legal requests when we have a good-faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction and is consistent with internationally recognised standards and/or we have a good-faith belief that it is necessary to: detect, prevent and address fraud, unauthorised use of the service, breaches of our Terms or Policies, or other harmful or illegal activity; to protect ourselves (including our rights, property or service), you or others, including as part of investigations or regulatory enquiries.
The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights and proper protection of our business against risks.
Where appropriate, we may notify you about legal requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, or create or increase a risk of fraud upon us. In instances where we comply with legal requests without notice for these reasons, we will attempt to notify you about the request after the fact where appropriate and where we determine in good faith that we are no longer prevented from doing so.
4.2. THIRD PARTIES SERVICE PROVIDERS
We use a variety of third-party service providers to help us provide services related to the Website and the payment services. Service providers may be located or carry out their activity inside or outside of the European Economic Area (“EEA”).
These providers have limited access to your information and are contractually bound to protect and to use it on our behalf only for the purposes for which it was disclosed and consistent with this Privacy Policy.
For example, service providers may help us: verify your identity or authenticate your identification documents, check information against public databases, conduct background or police checks, fraud prevention, and risk assessment, provide customer service, advertising or web traffic analysis.
We may share some of your information with such third parties service providers in order to ensure the adequate performance of our contract with you, for our legitimate interest and to comply with our legal obligations. We will require your consent when needed.
For example, , we share your personal data (like your name, surname, date of birth, address, email address, phone number) with our service providers for KYC checks, fraud prevention or player protection; we share some of your personal information like your name, date of birth, email address, country with our gaming service providers for account management and fraud detection purposes; we may share data such as your name, gender, age, language, marital status, mobile number, revenue amount, email, registered date with our service providers for marketing campaigns.
We may share your personal data (like name, username, email address, address, phone number) with service providers who assist us in enhancing your user experience and in offering you, our service. We also share information about your use of our site with our trusted social media, advertising, and analytics partners.
Third-party payment providers may also collect and process your data on their own to comply with their legal obligations. Such service providers have their own privacy policies in respect to the information we are required to provide them with for your transactions and they are separate controllers which bear the responsibility for your payment data. We recommend that you read their privacy policies, so that you can understand the way your personal information will be handled by these providers.
You can always contact us to receive the full list of our service providers which process your data.
4.3. CORPORATE AFFILIATE
We may share your information, including personal information, to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
4.4. AGGREGATED DATA
We may also share aggregated information (information about our users that we combine so that it no longer identifies or references an individual user) and other anonymized information for regulatory compliance, industry and market analysis, demographic profiling, marketing, and advertising, and other business purposes.
4.5. BUSINESS TRANSFERS
If we undertake or are involved in any merger, acquisition, reorganization, migration of the players’ database, sale of assets, bankruptcy, or insolvency event, then we may sell, transfer, or share some or all our assets, including your information in connection with such transaction or in contemplation of such transaction (e.g., due diligence). In this event, we will notify you before your personal information is transferred and becomes subject to a different privacy policy and a different data controller. In such cases we will transfer or share your personal information given our legitimate interest in the continuity of the operations.
5. PROTECTING YOUR INFORMATION
The security of personal data is important to us. We have appropriate information policies, standards and technologies in place ensuring the security of our website and services and to protect your personal data from the point of collection to the point of destruction (including but not limited to encryption of personal data, data masking, administrative and technical access controls, security policy, etc.).
We have adopted the principle of privacy by design and will ensure that the definition and planning of all new or significantly changed systems that collect or process personal data will be subject to due consideration of privacy issues.
6. DATA SUBJECT RIGHTS
Under the General Data Protection Regulation, you have the right to access, rectify, port, and delete some of your data. You also have the right to object to and restrict certain processing of your data. This is a case-by-case determination that depends on things such as the nature of the data, why it is collected and processed, and relevant legal or operational retention needs.
You may exercise any of the rights described in this section before your Data Controller by sending an email in English to jonathan@keyfinmanagement.com. Please note that we always request you to verify your identity before taking further action on your request, therefore please provide us with the following details in the email:
- Your username
- Your full name
- Your date of birth
- Your full address and postcode
- The email address registered to your account
Please be aware that whilst we will try to accommodate any request you make in respect of your rights, they are not absolute rights. This means that we may have to refuse your request or may only be able to comply with it in part.
6.1. MANAGING YOUR INFORMATION
You may access and update some of your information through your account settings. You are responsible for keeping your personal information up to date.
6.2. RECTIFICATION OF INACCURATE OR INCOMPLETE INFORMATION
You have the right to ask us to correct inaccurate or incomplete personal information concerning you (and which you cannot update yourself within your Account).
6.3. DATA ACCESS AND PORTABILITY
You have the right to access your personal data held by us and a right to receive certain personal data in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
We will provide a copy of your personal data undergoing processing free of charge. For any further copies requested, we may charge a reasonable fee based on administrative costs.
6.4. DATA RETENTION AND ERASURE
We will retain your personal data for the period necessary to perform the contract between you and us and to comply with applicable regulations and standards relating to gambling and gaming, anti-money laundering, taxation and complaint handling, the need to prevent or detect crime or other misuse of our services and audit requirements as well as for marketing purposes.
Accordingly, the Data Controller shall maintain your personal data for up to 10 years following the last data record related to you. Where it is no longer necessary to process your personal data, it will be deleted or anonymised. Please note, however, that we may be subject to legal and regulatory requirements to keep personal data for a longer period.
You have the right to have certain personal data erased or anonymised where it is no longer necessary for us to process it, where you have withdrawn your consent pursuant to paragraph 5.5, where you have objected pursuant to paragraph 5.6, where your personal data has been unlawfully processed, or where erasing your personal data is required in accordance with a legal obligation.
Please note that if you request the erasure of your personal information:
- We can retain and use your personal information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, anti-money laundering reporting and auditing obligations.
- We can retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety.
- Information that we receive about you (including financial transaction data) can be accessed and preserved for an extended period when it is the subject of a legal request or obligation, governmental investigation, or investigations of possible breaches of our terms or policies, or otherwise to prevent harm.
- To protect information from accidental or malicious destruction, when we delete/ anonymise information from our system, we may not immediately delete/anonymise residual copies from our servers or remove information from our backup systems. If deletion/anonymisation is not possible (because the data has been stored in backup archives) then we will securely store, isolate, and safeguard your information from any further use until deletion/anonymisation can be possible.
6.5. WITHDRAWING CONSENT AND RESTRICTION OF PROCESSING
Where we have specifically requested your consent to process your personal data and have no other lawful conditions to rely on, you have the right to withdraw this consent at any time by changing your Account settings or by sending a communication to jonathan@keyfinmanagement.com specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.
Additionally, applicable law may give you the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing pursuant to next section and pending the verification whether the legitimate grounds of the Data Controller override your own.
6.6. OBJECTION TO PROCESSING
You have the right to object to processing where lawful basis is that it is in our legitimate interests, but please note that we may still process your personal data where there are other relevant lawful bases or where we have compelling grounds to continue processing your personal data in our interests which are not overridden by your rights, interests or freedoms.
You also have the right to object to direct marketing, which can be done by opting out of direct marketing either via your Account settings or by opting out via the communication itself. You also have a right to object to any profiling to the extent that it relates to direct marketing only.
6.7. LODGING COMPLAINTS
You have the right to lodge complaints about the data processing activities carried out by the Data Controller and the Payment Data Controller before the competent data protection authorities. Please refer to Section 8 for further information.
7. CONTACT US
If you have questions about this Policy or our information handling practices, or if you are seeking to exercise any of your rights, please contact our Data Protection Officer at: jonathan@keyfinmanagement.com.
8. FILING A COMPLAINT
If you are not satisfied with how we manage your personal data, you also have the right to lodge a complaint with your local Data Protection Authority.